PIX 501 Configuration Using PDM

Discussion in 'Cisco' started by Frank Angel, May 15, 2005.

  1. Frank Angel

    Frank Angel Guest

    Hi All,

    I'm a newbie working with a hardware firewall and am lost getting a working
    configuration to where I can get response from the outside. I'm working with
    the PDM software to configure the router. Here's my network and
    configuration:

    -->DSL with static public ip address natted to private ip address of
    192.168.0.104 (Netopia Cayman dsl router/modem with ip of
    192.168.0.254)-->going from netopia lan port to Cisco 501 port 0.

    -->Windows 2003 server with static ip of 192.168.1.104 to Cisco 501 (with ip
    of 192.168.1.1) lan port.

    -->I have turned off dhcp in the 501.

    -->I've configured the outside interface Source to any and the destination
    inside source to 192.168.1.1.

    -->What else am I missing? What else needs to be configured?

    Any help is appreciated.

    Thanks,
    Frank Angel
    Frank Angel, May 15, 2005
    #1

  2. Frank Angel wrote:
    :I'm a newbie working with a hardware firewall and am lost getting a working
    :configuration to where I can get response from the outside.

    What kind of response?

    :-->I've configured the outside interface Source to any and the destination
    :inside source to 192.168.1.1.

    ? Configured where? This sounds sort of like an access-list
    configuration but I'm having a bit of trouble following the meaning.
    Is this something you configured on the Netopia?

    :-->What else am I missing? What else needs to be configured?

    How are you testing? If you are testing using ping then a
    trick you need to know is that the PIX does not keep very good
    state on icmp (which isn't a "connection-oriented" protocol),
    so if you want to be able to get ping replies you often need to
    explicitly configure the PIX outside ACL to permit incoming
    icmp echo-reply.

    You can also theoretically have problems with DNS, since DNS
    is UDP and the PIX by default assumes that UDP that has not
    had traffic for 2 minutes is finished and would automatically
    close the translation. Thus, in some cases you may need to
    explicitly configure the PIX outside ACL to permit incoming
    messages with a source of udp 53 (DNS) and a destination of
    udp 137 (NETBIOS), udp 53 (microsoft DNS client) or udp above 1023
    (standard DNS clients.) In -practice- though, most DNS replies
    are within about 70 seconds (there are 1 minute timeouts for
    some operations) so -usually- the default of 2 minutes is okay.


    What default route have you set on the PIX?
    --
    Any sufficiently advanced bug is indistinguishable from a feature.
    -- Rich Kulawiec
    Walter Roberson, May 15, 2005
    #2
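
The PIX-side items raised in the reply above (default route, an outside ACL entry for ICMP echo replies, the UDP idle timeout), collected as an added example in PIX OS 6.x CLI syntax; it is not configuration from either poster. The ACL name `outside_in` is hypothetical, and the next hop assumes the PIX outside interface sits on the Netopia's LAN as the first post describes.

```cisco
: Added example, PIX OS 6.x configuration mode. Lines starting with ":" are comments.

: Default route: send everything not directly connected to the Netopia.
: 192.168.0.254 is the Netopia LAN address given in the first post.
route outside 0.0.0.0 0.0.0.0 192.168.0.254 1

: ICMP is not tracked like a TCP connection, so replies to pings sent from
: the inside are dropped at the outside interface unless the ACL allows them.
: Only echo-reply is permitted; inbound echo requests stay blocked.
: "outside_in" is a hypothetical ACL name.
access-list outside_in permit icmp any any echo-reply

: Bind the ACL to inbound traffic on the outside interface.
: An interface takes one inbound ACL: if PDM already bound one, add the
: permit line to that ACL instead of binding a new one here.
access-group outside_in in interface outside

: UDP idle timeout. 2 minutes is the default the reply refers to; it is
: written out here only so it is visible in the configuration.
timeout udp 0:02:00

: Checks from the PIX console after applying the above:
:   show route                    (the 0.0.0.0 entry points at 192.168.0.254)
:   show access-list outside_in   (hitcnt rises when a ping reply comes back)
:   show timeout                  (udp reads 0:02:00)
```

A rising hit count on the echo-reply entry while pinging an outside host from the server confirms the replies are reaching the PIX and being admitted by the ACL.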