PIX 501 and DSL modem 1

Status
Not open for further replies.

mswansonpcs

Programmer
Jan 20, 2005
5
US
Hi

I posted this in the wrong forum before. Any ideas?

In response to the answer I received, wouldn't that make us lose the safety of the firewall? If we set the DSL modem into full router mode, then computers wouldn't be connecting through the firewall, but only through the router. Am I wrong? Also, we need to get VPN functionality out of this, which is why I believe they need the *.34 address.

Thanks

mswansonpcs (Programmer) Jan 20, 2005
Hi, I am new to using the PIX Firewall. What we need to do is set up our DSL modem in conjunction with the PIX, so the PIX obtains a specific IP address. We have purchased 5 IP addresses to use in our office, *.34-*.38, and when we connect to the net we get *.33 as our gateway. According to our tech staff in Texas we need the PIX to obtain the address *.34 from our DSL providers by setting our modem in bridge mode.

Well, when we set the modem to bridge mode, the only way we can connect to the net is to provide the PIX with our PPPoE username/password, but that in turn gives the PIX a *.33 address. Is there any way to connect to the net, using the PIX as a router, and give it the *.34 address?

Does this make sense? The DSL modem is a SpeedStream 5200, and according to our providers the only way to set it to bridge mode is to reset the thing and not provide it any configuration.

Thanks for any help


computerhighguy (IS/IT--Manageme) Jan 20, 2005
First things first. There is a PIX group here. It is a great group and more appropriate for this post.

If your DSL modem can be assigned the .33 address, then why don't you just use that? Then assign the .34-.38 to the PIX. The PIX really isn't a router, at least not in the conventional sense.

It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)


 
Your DSL provider should configure the modem with the IP space you purchased (.33-.38). The interface on your modem facing the outside interface of your PIX should have the .33 address, since this will be the "gateway" for your PIX. With that configuration the following commands should work for you:


ip address outside x.x.x.34 255.255.255.248
ip address inside 192.168.x.x 255.255.255.0

*******you only need one of the following commands*****
global (outside) 1 interface
global (outside) 1 x.x.x.35
global (outside) 1 x.x.x.36
global (outside) 1 x.x.x.37
***************************************************
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 x.x.x.33 1

access-list 101 permit ip 192.168.0.0 255.255.255.0 10.1.1.0 255.255.255.0

With this configuration your LAN is being protected by the PIX; all connections to the internet will be NAT'd by the PIX.

I hope this is helpful
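
A sanity check for the addressing plan in the reply above, as an added example that is not part of the original post and not Cisco tooling. The 203.0.113.x documentation prefix stands in for the masked x.x.x octets, and `check_outside_plan` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: the thread's PIX commands with the documentation
# prefix 203.0.113.x substituted for the masked x.x.x octets (assumption).
SAMPLE = """\
ip address outside 203.0.113.34 255.255.255.248
global (outside) 1 203.0.113.35
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 203.0.113.33 1
"""


def check_outside_plan(config):
    """Return a list of outside-addressing problems (empty list = consistent)."""
    iface = re.search(r"^ip address outside (\S+) (\S+)", config, re.M)
    route = re.search(r"^route outside 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    if not iface or not route:
        return ["missing 'ip address outside' or default 'route outside'"]

    outside = ipaddress.ip_interface(f"{iface.group(1)}/{iface.group(2)}")
    net = outside.network  # 255.255.255.248 is a /29: 8 addresses, 6 usable
    gateway = ipaddress.ip_address(route.group(1))
    reserved = {net.network_address, net.broadcast_address}
    problems = []

    # The default gateway (the modem) must be reachable on the outside subnet.
    if gateway not in net:
        problems.append(f"gateway {gateway} is not on {net}")
    # The PIX cannot hold the same address as its own next hop.
    if gateway == outside.ip:
        problems.append(f"outside interface and gateway are both {gateway}")
    if outside.ip in reserved:
        problems.append(f"outside address {outside.ip} is not a usable host")

    for match in re.finditer(r"^global \(outside\) \d+ (\S+)", config, re.M):
        if match.group(1) == "interface":  # PAT behind the interface address
            continue
        addr = ipaddress.ip_address(match.group(1))
        if addr not in net or addr in reserved:
            problems.append(f"global {addr} is not a usable host on {net}")
        elif addr == gateway:
            problems.append(f"global {addr} collides with the gateway")
    return problems


if __name__ == "__main__":
    print(check_outside_plan(SAMPLE) or "outside addressing is consistent")
```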
 
Thanks a lot for this info, I'm going to try it when everyone is on lunch today. Maybe it doesn't matter, but the way the SpeedStream 5200 (DSL modem) handles all the static IP addresses is by mapping them through the NAT/NAPT interface, and when it does that, it maps say *.34 to 192.168.4.1, which would be the PIX. Will the PIX still function with a local address? Also, I assume the PIX would be the device acting as a DHCP server to the computers on the network, and the DSL modem would have that disabled. Thanks
 
You don't want your DSL modem doing NAT or PAT if I'm following correctly. Your PIX will act as the DHCP server for your LAN:

dhcpd address 192.168.x.10-192.168.x.254 inside
dhcpd dns x.x.x.x (usually provided by your DSL provider)
dhcpd lease 21600 (this time can be shorter)
dhcpd ping_timeout 750
dhcpd domain yourcompany.com
dhcpd enable inside

Also, the outside interface of the PIX should have one of your public IPs assigned to it, so you MIGHT need to set up the DSL modem in bridge mode to accomplish this.

I hope this was helpful!!
 
Thanks again,

Well, that's the odd part: the DSL modem will not go to bridge mode. It either goes into router mode or dummy modem role. I am under the impression that bridge is essentially a dummy modem that handles the log on to the ISP and nothing else. There is no bridge setting on my modem. I can have the PIX handle PPPoE, but when I do that it obtains the *.33 address, which is not what we need.

Any thoughts?
Thanks
 