PIX 501 Config Issue

 
 
Buck Rogers
 
      05-31-2005
Hello,

I've been trying to solve this problem for a while now and can't seem
to get a handle on it. I posted a question here last week with one
response that didn't solve the problem (from Walter Roberson) and I
thought I'd ask in a different way.

When I power up the pix, I can access the web configuration by typing
https://192.168.1.1/startup.html. I can also access the pix via the
serial terminal.

When I go in through the serial terminal and enter configure
factory-default 10.0.0.1 255.255.0.0, and then write memory and then
reload, I can't access the web interface by entering
https://10.0.0.1/startup.html. I can still access via serial
terminal. I can't figure out what I'm doing (or not doing) to keep me
from accessing the web interface when the default is 10.0.0.1.

One other note: when the default is 192.168.1.1 I can ping the pix and
the pix can ping my computer. However, when I change the default to
10.0.0.1, I can't ping at all either way.

My config file follows:

: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxx encrypted
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.56.29 255.255.255.252
ip address inside 10.0.0.1 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
pdm location 10.0.0.0 255.255.0.0 inside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 xxx.xxx.56.30 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 10.0.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 10.0.0.2-10.0.0.129 inside
dhcpd dns xxx.xxx.98.98 xxx.xxx.42.42
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Cryptochecksum:871652e553896e43834a961f76223a7e
: end
[OK]


Any input on how to accomplish accessing the pix via the web interface
with a default of 10.0.0.1 255.255.0.0 would be greatly appreciated.

Regards

Buck

__________________________________________________ _____________________________
Posted Via Uncensored-News.Com - Accounts Starting At $6.95 - http://www.uncensored-news.com
<><><><><><><> The Worlds Uncensored News Source <><><><><><><><>

 
 
 
 
 
Paul Womar
 
      05-31-2005
Buck Rogers <(E-Mail Removed)> wrote:

> When I power up the pix, I can access the web configuration by typing
> https://192.168.1.1/startup.html. I can also access the pix via the
> serial terminal.
>
> When I go in through the serial terminal and enter configure
> factory-default 10.0.0.1 255.255.0.0, and then write memory and then
> reload, I can't access the web interface by entering
> https://10.0.0.1/startup.html.


What does the setup on the PC look like? ('ipconfig /all' will probably
be enough assuming it's a modern Wintel box).
--
-> The email address used in this message *IS* valid <-
 
 
 
 
 
Buck Rogers
 
      05-31-2005
On Tue, 31 May 2005 19:02:13 GMT, {$PW$}@womar.co.uk (Paul Womar)
wrote:

>Buck Rogers <(E-Mail Removed)> wrote:
>
>> When I power up the pix, I can access the web configuration by typing
>> https://192.168.1.1/startup.html. I can also access the pix via the
>> serial terminal.
>>
>> When I go in through the serial terminal and enter configure
>> factory-default 10.0.0.1 255.255.0.0, and then write memory and then
>> reload, I can't access the web interface by entering
>> https://10.0.0.1/startup.html.

>
>What does the setup on the PC look like? ('ipconfig /all' will probably
>be enough assuming it's a modern Wintel box).


Paul,

Ipconfig follows. Thanks for your input. Hope you have some
additional thoughts.

One note, I'm configuring the pix offline and connected only to my
laptop until I can get to a point to bring it online with VPN. At
present, when I bring online, the servers and all 35 clients can
access the internet and retrieve their email. I need the GUI to help
me better understand the VPN portion of the configuration, knowing
that the terminal CLI is better overall.

Regards,

Buck

C:\Documents and Settings\xxx>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : xxx
Primary Dns Suffix . . . . . . . : mallard.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mallard.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-11-43-66-55-C1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.4
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : xxx.xxx.98.98
xxx.xxx.42.42
Lease Obtained. . . . . . . . . . : Tuesday, May 31, 2005 3:56:22 PM
Lease Expires . . . . . . . . . . : Tuesday, May 31, 2005 4:56:22 PM

C:\Documents and Settings\xxx>



 
you know who maybe
 
      06-01-2005
For what it's worth, when I want to erase all and start all over again and
get back up and running quickly, I do an "erase mem" and then reload, go
through the initial dialog on the console to set IP address, etc., and then I
start PDM and use the wizard to set up the VPN. Done.

"Buck Rogers" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello,
>
> I've been trying to solve this problem for a while now and can't seem
> to get a handle on it. I posted a question here last week with one
> response that didn't solve the problem (from Walter Roberson) and I
> thought I'd ask in a different way.
>
> When I power up the pix, I can access the web configuration by typing
> https://192.168.1.1/startup.html. I can also access the pix via the
> serial terminal.
>
> When I go in through the serial terminal and enter configure
> factory-default 10.0.0.1 255.255.0.0, and then write memory and then
> reload, I can't access the web interface by entering
> https://10.0.0.1/startup.html. I can still access via serial
> terminal. I can't figure out what I'm doing (or not doing) to keep me
> from accessing the web interface when the default is 10.0.0.1
> One other note, when the default is 192.168.1.1 I can ping the pix and
> the pix can ping my computer. However, when I change the default to
> 10.0.0.1, I can't ping at all either way.
>
> My config file follows:
>
> : Saved
> :
> PIX Version 6.3(4)
> interface ethernet0 auto
> interface ethernet1 100full
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password xxxxxxxxxxxx encrypted
> passwd xxxxxxxxxxxx encrypted
> hostname pixfirewall
> domain-name ciscopix.com
> fixup protocol dns maximum-length 512
> fixup protocol ftp 21
> fixup protocol h323 h225 1720
> fixup protocol h323 ras 1718-1719
> fixup protocol http 80
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol sip 5060
> fixup protocol sip udp 5060
> fixup protocol skinny 2000
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol tftp 69
> names
> pager lines 24
> mtu outside 1500
> mtu inside 1500
> ip address outside xxx.xxx.56.29 255.255.255.252
> ip address inside 10.0.0.1 255.255.0.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm location 10.0.0.0 255.255.0.0 inside
> pdm history enable
> arp timeout 14400
> global (outside) 1 interface
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> route outside 0.0.0.0 0.0.0.0 xxx.xxx.56.30 1
> timeout xlate 0:05:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
> 1:00:00
> timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server TACACS+ max-failed-attempts 3
> aaa-server TACACS+ deadtime 10
> aaa-server RADIUS protocol radius
> aaa-server RADIUS max-failed-attempts 3
> aaa-server RADIUS deadtime 10
> aaa-server LOCAL protocol local
> http server enable
> http 10.0.0.0 255.255.0.0 inside
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> dhcpd address 10.0.0.2-10.0.0.129 inside
> dhcpd dns xxx.xxx.98.98 xxx.xxx.42.42
> dhcpd lease 3600
> dhcpd ping_timeout 750
> dhcpd auto_config outside
> dhcpd enable inside
> terminal width 80
> Cryptochecksum:871652e553896e43834a961f76223a7e
> : end
> [OK]
>
>
> Any input on how to accomplish accessing the pix via the web interface
> with a default of 10.0.0.1 255.255.0.0 would be greatly appreciated.
>
> Regards
>
> Buck
>
> __________________________________________________ _____________________________
> Posted Via Uncensored-News.Com - Accounts Starting At $6.95 -
> http://www.uncensored-news.com
> <><><><><><><> The Worlds Uncensored News Source
> <><><><><><><><>
>



 
 
you know who maybe
 
      06-01-2005

"you know who maybe" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> For what it's worth, when I want to erase all and start all over again and
> get back up and running quickly, I do a "erase mem" and then reload, go
> through the initial dialog on the console to set IP address, etc, and then
> I start PDM and use the wizard to setup the VPN. Done.


Replace "erase mem" with "wr erase". Sorry - I did not have access to a box
until now.

My memory just arrived and I'm getting ready to upgrade to 7.0 on a 515E.


 
 
Paul Womar
 
      06-01-2005
Buck Rogers <(E-Mail Removed)> wrote:

> On Tue, 31 May 2005 19:02:13 GMT, {$PW$}@womar.co.uk (Paul Womar)
> wrote:
>
> >Buck Rogers <(E-Mail Removed)> wrote:
> >
> >> When I power up the pix, I can access the web configuration by typing
> >> https://192.168.1.1/startup.html. I can also access the pix via the
> >> serial terminal.
> >>
> >> When I go in through the serial terminal and enter configure
> >> factory-default 10.0.0.1 255.255.0.0, and then write memory and then
> >> reload, I can't access the web interface by entering
> >> https://10.0.0.1/startup.html.

> >
> >What does the setup on the PC look like? ('ipconfig /all' will probably
> >be enough assuming it's a modern Wintel box).

>
> Paul,
>
> Ipconfig follows. Thanks for your input. Hope you have some
> additional thoughts.
> Dhcp Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IP Address. . . . . . . . . . . . : 10.0.0.4
> Subnet Mask . . . . . . . . . . . : 255.255.0.0


Superficially I can't see anything obviously wrong myself, do telnet or
ssh work after the address change?

--
-> The email address used in this message *IS* valid <-
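
Added example, not part of the thread and not written by any of its posters: a Python sketch that cross-checks the posted `ipconfig` values against the management-access lines of the posted PIX 6.3 config (inside interface subnet, `http` permit list, `dhcpd` pool). The function name and result keys are made up for illustration, and it parses only the line forms that appear in this thread.

```python
import ipaddress
import re

# Lines copied from the config and ipconfig output posted in this thread.
PIX_CONFIG = """\
ip address outside xxx.xxx.56.29 255.255.255.252
ip address inside 10.0.0.1 255.255.0.0
pdm location 10.0.0.0 255.255.0.0 inside
http server enable
http 10.0.0.0 255.255.0.0 inside
dhcpd address 10.0.0.2-10.0.0.129 inside
dhcpd enable inside
"""
CLIENT_IP, CLIENT_MASK = "10.0.0.4", "255.255.0.0"


def check_mgmt_access(config, client_ip, client_mask, ifname="inside"):
    """Return named checks; all must be True for HTTPS/PDM to be allowed on paper."""
    host = ipaddress.ip_address(client_ip)
    client_net = ipaddress.ip_network(f"{client_ip}/{client_mask}", strict=False)
    res = {"http_server_enabled": False, "same_subnet_as_interface": False,
           "permitted_by_http_list": False, "inside_dhcp_pool": False}
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "http server enable":
            res["http_server_enabled"] = True
        elif m := re.fullmatch(rf"ip address {ifname} (\S+) (\S+)", line):
            # Both ends must compute the same network, or ARP never resolves.
            iface = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
            res["same_subnet_as_interface"] = iface.network == client_net
        elif m := re.fullmatch(rf"http (\S+) (\S+) {ifname}", line):
            # The PIX serves HTTPS only to sources listed by an "http" line.
            allowed = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            res["permitted_by_http_list"] |= host in allowed
        elif m := re.fullmatch(rf"dhcpd address (\S+)-(\S+) {ifname}", line):
            lo, hi = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])
            res["inside_dhcp_pool"] = lo <= host <= hi
    return res


if __name__ == "__main__":
    for name, ok in check_mgmt_access(PIX_CONFIG, CLIENT_IP, CLIENT_MASK).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

All four checks pass for the values posted here, so the addressing and the `http` permit list agree on paper; a failed check would point at the specific line to correct.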
 