How can I configurate Cisco PIX 501 Firewall

Discussion in 'Cisco' started by Merv, Feb 22, 2006.

  1. Merv

    Merv Guest

    point your browser at cco.cisco.com and google for Cisco PIX DHCP


    ip address outside dhcp [setroute] [retry retry_cnt]

    The PIX functions as both a DHCP{ client - for example to get an
    address for its outside interface from an ISP and as a DHCP server - to
    dish out address to PC on the inside network
    Merv, Feb 22, 2006
    #1
    1. Advertising

  2. How can I configurate Cisco PIX 501 Firewall to use a dynamic IP-address
    instead of a static IP-address??

    How can give me an example?


    with kind regards,
    Tim
    APOC [T.I.M.], Feb 22, 2006
    #2
    1. Advertising

  3. "Merv" <> schreef in bericht
    news:...
    > point your browser at cco.cisco.com and google for Cisco PIX DHCP
    >
    >
    > ip address outside dhcp [setroute] [retry retry_cnt]
    >
    > The PIX functions as both a DHCP{ client - for example to get an
    > address for its outside interface from an ISP and as a DHCP server - to
    > dish out address to PC on the inside network
    >


    ..
    ..
    ..
    Nice! thanks for the info.
    Another question, IF I do this:
    ..
    static (inside,outside) tcp interface 6258 192.168.110.2 6258 netmask
    255.255.255.255
    static (inside,outside) udp interface 6268 192.168.110.2 6268 netmask
    255.255.255.255
    static (inside,outside) tcp interface 20 192.168.110.2 20 netmask
    255.255.255.255
    static (inside,outside) tcp interface 21 192.168.110.2 21 netmask
    255.255.255.255
    access-list outside_access_in permit icmp any any echo-reply
    access-list outside_access_in permit icmp any any unreachable
    access-list outside_access_in permit icmp any any time-exceeded
    access-list outside_access_in permit tcp any any eq 6258
    access-list outside_access_in permit udp any any eq 6268
    access-list outside_access_in permit tcp any any eq 21
    access-list outside_access_in permit tcp any any eq 20
    access-group outside_access_in in interface outside
    write memory
    clear xlate
    ..

    WILL it auto adjust IF my (ISP / outside) IP changes?
    I used interface instead of my ,,dynamic'' outside IP (well it's only
    dynamic when my ISP changes it, BUT this does happen from time to time)

    with kind regards,
    Tim
    APOC [T.I.M.], Feb 23, 2006
    #3
  4. In article <dtlgg6$l1b$1.ov.home.nl>,
    APOC [T.I.M.] <> wrote:
    >Another question, IF I do this:


    >static (inside,outside) tcp interface 6258 192.168.110.2 6258 netmask
    >255.255.255.255


    >access-list outside_access_in permit icmp any any echo-reply


    >access-group outside_access_in in interface outside


    >WILL it auto adjust IF my (ISP / outside) IP changes?


    It will auto-adjust for new connections, but connections that
    are active at the time of the IP change will be lost.


    For future reference:

    If you happen to have VPN tunnels active and are using
    internal addressing on the tunnel, then the tunnels -should-
    be able to resume, provided that you use 'isakmp identity hostname'.

    If you use 'isakmp identity address' instead, then the remote end
    would not recognize the PIX as being the same one when the
    tunnel was reconnected, and the tunnel would not be re-establishable
    until the old tunnel timed out.
    Walter Roberson, Feb 24, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John T
    Replies:
    2
    Views:
    1,691
    Memnoch
    Jul 6, 2003
  2. Rob
    Replies:
    11
    Views:
    5,106
  3. Andre
    Replies:
    7
    Views:
    715
    Andre
    Feb 20, 2005
  4. VMS Guy
    Replies:
    11
    Views:
    2,072
    Walter Roberson
    Feb 25, 2006
  5. cdoc

    Cisco pix 501 vs 501-50

    cdoc, May 19, 2006, in forum: Cisco
    Replies:
    6
    Views:
    645
    Walter Roberson
    May 20, 2006
Loading...

Share This Page