«

Hi,

I've spent about 10 hours configing my PIX 501 today. I haven't had
much experience with networking but so far have managed to reset the
lost password (via TFTP server and password reset bin file) and got
PPPOE with DHCP for the external interface running after setting my DSL
router up as a bridge and also bridging through a motorola VOIP device.

OK this is where I run into trouble:

windows XP boxes using DHCP resolve DNS fine
windows XP boxes using static IPs can't resolve DNS when the DNS IP is
pointed to the PIX.

I need to run some static IPs for port forwarding but want the DNS to
resolve for the static IP addresses as well.

Can anyone point me to PIX config(s) option(s) which will

1) allow DHCP with DNS to function (note: this is already working but
I wish it to remain in working order)
2) for static IP addresses: allow DNS to resolve by entering the PIX
internal interface address
3) allow port-forwarding to a static IP addresses


Thanks in advance,
wonk

ok 6 hours more and still can't get this to work.

new details:
1) removed VOIP device from network.
2) changed DSL router back to router mode with PPOE BRIDGE and NAT for
PIX IP address (Had it working in full bridge mode)
3) PIX handles PPPOE login
4) got DNS working for both static and DHCP by hardcoding the static
ones

STILL can't get port forwarding to work at all

running version 6.3(1) reset to factory config and used the following
commands

access-list inbound permit icmp any any
access-list inbound permit tcp any any eq www

access-group inbound in interface outside
static (inside,outside) tcp interface www 192.168.1.203 www netmask
255.255.255.255

the 203 address is a box with a port 80 application running.

tried a port-scan website and two friends in two different countries
and the port is still not open. can someone offer some insight? It
should not be this hard to forward a port, something is wrong?

the pix 501 makes a great paperweight

Well, nobody replied to any of my requests for help but as usual, life
responds to those who help themselves. Got it all working through
persistance. For future reference if anyone is searching usenet for a
similar issue I will post the resolution here.

Main problem: when the PIX is set up for DHCP, STATIC IPs are unable to
use DNS
soltion: (since none better were posted) use STATIC DNS entires on
STATIC IPs, do not piont at the PIX inside interface for DNS as it will
not reslove them.

Secondary problem: Even if everything else is working port forwarding
only works if you use a cross-over patch cable instead of a straight
through cable. I had swiched mine to a straight through cable
somewhere along the line in all my troubleshooting attempts. Switching
back to a cross-over patch cable allowed port forwarding to work.



Was a cable issuse.