Velocity Reviews - Computer Hardware Reviews

PIX problem when using dhcp server

 
 
packets, 04-09-2008
I'm new to PIX. I have a client and I'm the one tasked with configuring the PIX and sharing it over the private network. My problem is that I have a DHCP server and I don't use the DHCP features of the PIX firewall. When they connect to the Internet using DHCP, they have no browsing. But if they choose to set their IPs statically, they can access the Internet. Could it be a problem with the PIX firewall's configuration? Here is the config:
PIX Version 7.1(2)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password yUrbou1d1Dk5WwfZ encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 209.85.23.x 255.255.255.240
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.253 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list outbound extended permit ip any any
access-list outbound extended permit tcp any host 192.168.1.67 eq www
access-list outbound extended permit tcp host 192.168.1.67 any eq www
access-list 100 extended permit tcp any host 209.85.23.x eq www
access-list 100 extended permit tcp any host 209.85.23.x eq www
access-list 100 extended permit tcp any any eq www
access-list 100 extended permit tcp host 209.85.23.x any eq www
access-list 100 extended permit tcp any host 209.85.23.x eq lotusnotes
access-list 100 extended permit tcp 209.85.20.0 255.255.255.0 host 202.84.23.226 eq telnet
access-list 100 extended permit tcp any host 209.85.23.x eq ftp
access-list 100 extended permit tcp any host 209.85.23.x eq www
access-list 100 extended permit tcp any host 209.85.23.x eq 3013
access-list 100 extended permit tcp any host 209.85.23.x eq 3013
access-list 100 extended permit tcp any host 209.85.23.x eq 3013
access-list 100 extended permit tcp any host 209.85.23.x eq 3013
access-list 100 extended permit tcp any host 209.85.23.x eq 5800
access-list 100 extended permit tcp any host 209.85.23.x eq 5900
access-list 100 extended permit tcp any host 209.85.23.x eq 5800
access-list 100 extended permit tcp any host 209.84.23.x eq 5900
access-list 100 extended permit tcp any host 209.84.23.x eq ftp
access-list 100 extended permit tcp any host 209.84.23.x eq www
access-list 100 extended permit tcp any host 209.84.23.x eq www
access-list 100 extended deny icmp any host 209.84.23.226
access-list inbound extended permit tcp any host 209.84.23.231 eq www
access-list inbound extended permit tcp any host 209.84.23.230 eq www
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
global (outside) 1 209.84.23.227-209.84.23.237
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 209.84.23.x 192.168.1.67 netmask 255.255.255.255
static (inside,outside) 209.84.23.x 192.168.1.12 netmask 255.255.255.255
static (inside,outside) 209.84.23.x 192.168.1.13 netmask 255.255.255.255
static (inside,outside) 209.84.23.x 192.168.1.58 netmask 255.255.255.255
static (inside,outside) 209.84.23.x 192.168.1.74 netmask 255.255.255.255
static (inside,outside) 209.84.23.x 192.168.1.22 netmask 255.255.255.255
static (inside,outside) 209.84.23.x 192.168.1.78 netmask 255.255.255.255
static (inside,outside) 209.84.23.x 192.168.1.1 netmask 255.255.255.255
access-group 100 in interface outside
access-group outbound in interface inside
route outside 0.0.0.0 0.0.0.0 209.84.23.214 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username eastern password 4FsAsQ9qHIX/yaV/ encrypted
username worldvision password FZIm6HFr1iuxwOIv encrypted
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.10 255.255.255.255 inside
telnet timeout 15
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:84b5f7ba0b9c691e57f1d62f5547fdaa
: end
 

Last edited by packets; 04-09-2008 at 06:27 AM.

packets, 04-09-2008
I have tried nat (inside) 1 192.168.1.0 255.255.255.0 but still the same.

Does it have a bearing?
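
An added example, not part of the original posts: a small Python audit of access-list lines copied from the configuration above. A PIX evaluates an ACL top-down and stops at the first match, so an entry fully covered by an earlier one never takes effect. The function names `parse_ace`, `covers` and `audit` are made up for this sketch, and the check does not diagnose the DHCP symptom asked about.

```python
"""Flag duplicate and shadowed entries in PIX extended ACLs (first match wins)."""
from collections import defaultdict

# ACEs copied from the configuration posted above (addresses as redacted there).
CONFIG = """\
access-list outbound extended permit ip any any
access-list outbound extended permit tcp any host 192.168.1.67 eq www
access-list outbound extended permit tcp host 192.168.1.67 any eq www
access-list 100 extended permit tcp any host 209.85.23.x eq www
access-list 100 extended permit tcp any host 209.85.23.x eq www
access-list 100 extended permit tcp any any eq www
access-list 100 extended permit tcp any host 209.85.23.x eq 3013
access-list 100 extended permit tcp any host 209.85.23.x eq 3013
"""

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        return None
    def addr(t):  # address forms handled: 'any' | 'host A' | 'NET MASK'
        return (("any",), t[1:]) if t[:1] == ["any"] else (tuple(t[:2]), t[2:])
    src, rest = addr(tok[5:])
    dst, rest = addr(rest)
    port = rest[1] if len(rest) == 2 and rest[0] == "eq" else None
    return tok[1], (tok[3], tok[4], src, dst, port)

def covers(e, l):
    """True if earlier ACE e matches every packet later ACE l matches.
    Addresses compare as 'any' or exact text only; subnet containment is
    not evaluated, so findings are never false but some may be missed."""
    _, ep, es, ed, eport = e
    _, lp, ls, ld, lport = l
    return (ep in ("ip", lp) and es in (("any",), ls)
            and ed in (("any",), ld) and eport in (None, lport))

def audit(config):
    """Return (acl_name, 1-based position, kind) for every unreachable ACE."""
    seen, findings = defaultdict(list), []
    for line in config.splitlines():
        parsed = parse_ace(line)
        if parsed is None:
            continue
        name, ace = parsed
        for earlier in seen[name]:
            if covers(earlier, ace):
                kind = ("duplicate" if earlier == ace else
                        "redundant" if earlier[0] == ace[0] else "conflict")
                findings.append((name, len(seen[name]) + 1, kind))
                break
        seen[name].append(ace)
    return findings

if __name__ == "__main__":
    for name, pos, kind in audit(CONFIG):
        print(f"access-list {name} entry {pos}: {kind}")
```

Here "redundant" means an earlier, broader entry with the same action already matches the traffic, and "conflict" means the earlier entry takes the opposite action.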
 