PIX 501 Config Issue

Discussion in 'Cisco' started by Buck Rogers, May 31, 2005.

  1. Buck Rogers

    Buck Rogers Guest

    Hello,

    I've been trying to solve this problem for a while now and can't seem
    to get a handle on it. I posted a question here last week with one
    response that didn't solve the problem (from Walter Roberson) and I
    thought I'd ask in a different way.

    When I power up the pix, I can access the web configuration by typing
    https://192.168.1.1/startup.html. I can also access the pix via the
    serial terminal.

    When I go in through the serial terminal and enter configure
    factory-default 10.0.0.1 255.255.0.0, and then write memory and then
    reload, I can't access the web interface by entering
    https://10.0.0.1/startup.html. I can still access via serial
    terminal. I can't figure out what I'm doing (or not doing) to keep me
    from accessing the web interface when the default is 10.0.0.1.
    One other note, when the default is 192.168.1.1 I can ping the pix and
    the pix can ping my computer. However, when I change the default to
    10.0.0.1, I can't ping at all either way.

    My config file follows:

    : Saved
    :
    PIX Version 6.3(4)
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password xxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxxx encrypted
    hostname pixfirewall
    domain-name ciscopix.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address outside xxx.xxx.56.29 255.255.255.252
    ip address inside 10.0.0.1 255.255.0.0
    ip audit info action alarm
    ip audit attack action alarm
    pdm location 10.0.0.0 255.255.0.0 inside
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    route outside 0.0.0.0 0.0.0.0 xxx.xxx.56.30 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http 10.0.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 10.0.0.2-10.0.0.129 inside
    dhcpd dns xxx.xxx.98.98 xxx.xxx.42.42
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    dhcpd enable inside
    terminal width 80
    Cryptochecksum:871652e553896e43834a961f76223a7e
    : end
    [OK]


    Any input on how to accomplish accessing the pix via the web interface
    with a default of 10.0.0.1 255.255.0.0 would be greatly appreciated.

    Regards

    Buck

     
    Buck Rogers, May 31, 2005
    #1

  2. Buck Rogers

    Paul Womar Guest

    Buck Rogers <> wrote:

    > When I power up the pix, I can access the web configuration by typing
    > https://192.168.1.1/startup.html. I can also access the pix via the
    > serial terminal.
    >
    > When I go in through the serial terminal and enter configure
    > factory-default 10.0.0.1 255.255.0.0, and then write memory and then
    > reload, I can't access the web interface by entering
    > https://10.0.0.1/startup.html.


    What does the setup on the PC look like? ('ipconfig /all' will probably
    be enough assuming it's a modern Wintel box).
    --
    -> The email address used in this message *IS* valid <-
     
    Paul Womar, May 31, 2005
    #2

  3. Buck Rogers

    Buck Rogers Guest

    On Tue, 31 May 2005 19:02:13 GMT, {$PW$}@womar.co.uk (Paul Womar)
    wrote:

    >Buck Rogers <> wrote:
    >
    >> When I power up the pix, I can access the web configuration by typing
    >> https://192.168.1.1/startup.html. I can also access the pix via the
    >> serial terminal.
    >>
    >> When I go in through the serial terminal and enter configure
    >> factory-default 10.0.0.1 255.255.0.0, and then write memory and then
    >> reload, I can't access the web interface by entering
    >> https://10.0.0.1/startup.html.

    >
    >What does the setup on the PC look like? ('ipconfig /all' will probably
    >be enough assuming it's a modern Wintel box).


    Paul,

    Ipconfig follows. Thanks for your input. Hope you have some
    additional thoughts.

    One note, I'm configuring the pix offline and connected only to my
    laptop until I can get to a point to bring it online with VPN. At
    present, when I bring online, the servers and all 35 clients can
    access the internet and retrieve their email. I need the GUI to help
    me better understand the VPN portion of the configuration, knowing
    that the terminal CLI is better overall.

    Regards,

    Buck

    C:\Documents and Settings\xxx>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : xxx
    Primary Dns Suffix . . . . . . . : mallard.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : mallard.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
    Physical Address. . . . . . . . . : 00-11-43-66-55-C1
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 10.0.0.4
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . : 10.0.0.1
    DHCP Server . . . . . . . . . . . : 10.0.0.1
    DNS Servers . . . . . . . . . . . : xxx.xxx.98.98
    xxx.xxx.42.42
    Lease Obtained. . . . . . . . . . : Tuesday, May 31, 2005 3:56:22 PM
    Lease Expires . . . . . . . . . . : Tuesday, May 31, 2005 4:56:22 PM

    C:\Documents and Settings\xxx>



     
    Buck Rogers, May 31, 2005
    #3
  4. For what it's worth, when I want to erase all and start all over again and
    get back up and running quickly, I do a "erase mem" and then reload, go
    through the initial dialog on the console to set IP address, etc, and then I
    start PDM and use the wizard to setup the VPN. Done.

    "Buck Rogers" <> wrote in message
    news:...
    > Hello,
    >
    > I've been trying to solve this problem for a while now and can't seem
    > to get a handle on it. I posted a question here last week with one
    > response that didn't solve the problem (from Walter Roberson) and I
    > thought I'd ask in a different way.
    >
    > When I power up the pix, I can access the web configuration by typing
    > https://192.168.1.1/startup.html. I can also access the pix via the
    > serial terminal.
    >
    > When I go in through the serial terminal and enter configure
    > factory-default 10.0.0.1 255.255.0.0, and then write memory and then
    > reload, I can't access the web interface by entering
    > https://10.0.0.1/startup.html. I can still access via serial
    > terminal. I can't figure out what I'm doing (or not doing) to keep me
    > from accessing the web interface when the default is 10.0.0.1.
    > One other note, when the default is 192.168.1.1 I can ping the pix and
    > the pix can ping my computer. However, when I change the default to
    > 10.0.0.1, I can't ping at all either way.
    >
    > My config file follows:
    >
    > : Saved
    > :
    > PIX Version 6.3(4)
    > interface ethernet0 auto
    > interface ethernet1 100full
    > nameif ethernet0 outside security0
    > nameif ethernet1 inside security100
    > enable password xxxxxxxxxxxx encrypted
    > passwd xxxxxxxxxxxx encrypted
    > hostname pixfirewall
    > domain-name ciscopix.com
    > fixup protocol dns maximum-length 512
    > fixup protocol ftp 21
    > fixup protocol h323 h225 1720
    > fixup protocol h323 ras 1718-1719
    > fixup protocol http 80
    > fixup protocol rsh 514
    > fixup protocol rtsp 554
    > fixup protocol sip 5060
    > fixup protocol sip udp 5060
    > fixup protocol skinny 2000
    > fixup protocol smtp 25
    > fixup protocol sqlnet 1521
    > fixup protocol tftp 69
    > names
    > pager lines 24
    > mtu outside 1500
    > mtu inside 1500
    > ip address outside xxx.xxx.56.29 255.255.255.252
    > ip address inside 10.0.0.1 255.255.0.0
    > ip audit info action alarm
    > ip audit attack action alarm
    > pdm location 10.0.0.0 255.255.0.0 inside
    > pdm history enable
    > arp timeout 14400
    > global (outside) 1 interface
    > nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    > route outside 0.0.0.0 0.0.0.0 xxx.xxx.56.30 1
    > timeout xlate 0:05:00
    > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    > timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    > timeout uauth 0:05:00 absolute
    > aaa-server TACACS+ protocol tacacs+
    > aaa-server TACACS+ max-failed-attempts 3
    > aaa-server TACACS+ deadtime 10
    > aaa-server RADIUS protocol radius
    > aaa-server RADIUS max-failed-attempts 3
    > aaa-server RADIUS deadtime 10
    > aaa-server LOCAL protocol local
    > http server enable
    > http 10.0.0.0 255.255.0.0 inside
    > no snmp-server location
    > no snmp-server contact
    > snmp-server community public
    > no snmp-server enable traps
    > floodguard enable
    > telnet timeout 5
    > ssh timeout 5
    > console timeout 0
    > dhcpd address 10.0.0.2-10.0.0.129 inside
    > dhcpd dns xxx.xxx.98.98 xxx.xxx.42.42
    > dhcpd lease 3600
    > dhcpd ping_timeout 750
    > dhcpd auto_config outside
    > dhcpd enable inside
    > terminal width 80
    > Cryptochecksum:871652e553896e43834a961f76223a7e
    > : end
    > [OK]
    >
    >
    > Any input on how to accomplish accessing the pix via the web interface
    > with a default of 10.0.0.1 255.255.0.0 would be greatly appreciated.
    >
    > Regards
    >
    > Buck
    >
     
    you know who maybe, Jun 1, 2005
    #4
  5. "you know who maybe" <> wrote in message
    news:...
    > For what it's worth, when I want to erase all and start all over again and
    > get back up and running quickly, I do a "erase mem" and then reload, go
    > through the initial dialog on the console to set IP address, etc, and then
    > I start PDM and use the wizard to setup the VPN. Done.


    Replace "erase mem" with "wr erase". Sorry - I did not have access to a box
    until now.

    My memory just arrived and I'm getting ready to upgrade to 7.0 on a 515E.
     
    you know who maybe, Jun 1, 2005
    #5
  6. Buck Rogers

    Paul Womar Guest

    Buck Rogers <> wrote:

    > On Tue, 31 May 2005 19:02:13 GMT, {$PW$}@womar.co.uk (Paul Womar)
    > wrote:
    >
    > >Buck Rogers <> wrote:
    > >
    > >> When I power up the pix, I can access the web configuration by typing
    > >> https://192.168.1.1/startup.html. I can also access the pix via the
    > >> serial terminal.
    > >>
    > >> When I go in through the serial terminal and enter configure
    > >> factory-default 10.0.0.1 255.255.0.0, and then write memory and then
    > >> reload, I can't access the web interface by entering
    > >> https://10.0.0.1/startup.html.

    > >
    > >What does the setup on the PC look like? ('ipconfig /all' will probably
    > >be enough assuming it's a modern Wintel box).

    >
    > Paul,
    >
    > Ipconfig follows. Thanks for your input. Hope you have some
    > additional thoughts.
    > Dhcp Enabled. . . . . . . . . . . : Yes
    > Autoconfiguration Enabled . . . . : Yes
    > IP Address. . . . . . . . . . . . : 10.0.0.4
    > Subnet Mask . . . . . . . . . . . : 255.255.0.0


    Superficially I can't see anything obviously wrong myself, do telnet or
    ssh work after the address change?

    --
    -> The email address used in this message *IS* valid <-
     
    Paul Womar, Jun 1, 2005
    #6
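
The comparison done by eye in this thread (the client address from `ipconfig /all` against the inside interface and the `http` permit line of the posted config) can be scripted. This is an added example, not part of the original thread: the function name `check_pdm_access`, the trimmed config sample, and the `STALE_CONFIG` variant are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the management-relevant lines from the config posted in
# this thread (addresses as posted; nothing here is read from a live device).
PIX_CONFIG = """\
nameif ethernet1 inside security100
ip address inside 10.0.0.1 255.255.0.0
pdm location 10.0.0.0 255.255.0.0 inside
http server enable
http 10.0.0.0 255.255.0.0 inside
"""

# Hypothetical variant: the interface was readdressed but the http permit
# line still names the 192.168.1.0/24 factory network.
STALE_CONFIG = PIX_CONFIG.replace("http 10.0.0.0 255.255.0.0",
                                  "http 192.168.1.0 255.255.255.0")

def check_pdm_access(config, client_ip, ifname="inside"):
    """Return reasons the client could not reach the PIX web interface."""
    client = ipaddress.ip_address(client_ip)
    problems = []
    m = re.search(rf"^ip address {ifname} (\S+) (\S+)$", config, re.M)
    if not m:
        return [f"no 'ip address {ifname}' line"]
    # The client must sit in the same subnet as the interface it manages from.
    iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    if client not in iface.network:
        problems.append(f"{client} is outside {iface.network}")
    if not re.search(r"^http server enable$", config, re.M):
        problems.append("'http server enable' is missing")
    # Each 'http <net> <mask> <if>' line permits one management network.
    allowed = [ipaddress.ip_network(f"{net}/{mask}", strict=False)
               for net, mask in
               re.findall(rf"^http (\d\S*) (\S+) {ifname}$", config, re.M)]
    if not any(client in net for net in allowed):
        problems.append(f"no 'http ... {ifname}' entry permits {client}")
    return problems

if __name__ == "__main__":
    print(check_pdm_access(PIX_CONFIG, "10.0.0.4"))    # posted config and client
    print(check_pdm_access(STALE_CONFIG, "10.0.0.4"))  # hypothetical stale permit
```

The posted config and the laptop's 10.0.0.4 address pass every check, which matches the "nothing obviously wrong" reading in post #6.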