Registered User
Join Date: Apr 2008
Posts: 2
OS: xp
pix firewall problem if it has dhcp server running
I was tasked with configuring a PIX firewall, though I have no experience with it. Although I successfully installed the PIX, I have a minor problem that one of the members might be able to help me with. There is a DHCP server running in the private network. If the DHCP server's gateway is the PIX, most PCs that get their IP via DHCP have no Internet connection. But if they set static IPs, they have an Internet connection.
They're saying that the problem is in the PIX. Here is the config:

```
PIX Version 7.1(2)
!
hostname pixfirewall
domain-name default.domain.invalid
enable password yUrbou1d1Dk5WwfZ encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 203.84.23.226 255.255.255.240
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.253 255.255.255.0
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
access-list outbound extended permit ip any any
access-list outbound extended permit tcp any host 192.168.1.67 eq www
access-list outbound extended permit tcp host 192.168.1.67 any eq www
access-list 100 extended permit tcp any host 203.84.23.230 eq www
access-list 100 extended permit tcp any host 203.84.23.231 eq www
access-list 100 extended permit tcp any any eq www
access-list 100 extended permit tcp host 203.84.23.231 any eq www
access-list 100 extended permit tcp any host 203.84.23.227 eq lotusnotes
access-list 100 extended permit tcp 203.84.20.0 255.255.255.0 host 202.84.23.226 eq telnet
access-list 100 extended permit tcp any host 203.84.23.231 eq ftp
access-list 100 extended permit tcp any host 203.84.23.229 eq www
access-list 100 extended permit tcp any host 203.84.23.230 eq 3013
access-list 100 extended permit tcp any host 203.84.23.231 eq 3013
access-list 100 extended permit tcp any host 203.84.23.232 eq 3013
access-list 100 extended permit tcp any host 203.84.23.233 eq 3013
access-list 100 extended permit tcp any host 203.84.23.230 eq 5800
access-list 100 extended permit tcp any host 203.84.23.230 eq 5900
access-list 100 extended permit tcp any host 203.84.23.232 eq 5800
access-list 100 extended permit tcp any host 203.84.23.232 eq 5900
access-list 100 extended permit tcp any host 203.84.23.229 eq ftp
access-list 100 extended permit tcp any host 203.84.23.235 eq www
access-list 100 extended permit tcp any host 203.84.23.227 eq www
access-list 100 extended deny icmp any host 203.84.23.226
access-list inbound extended permit tcp any host 203.84.23.231 eq www
access-list inbound extended permit tcp any host 203.84.23.230 eq www
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
no failover
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
global (outside) 1 203.84.23.227-203.84.23.237
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 203.84.23.231 192.168.1.67 netmask 255.255.255.255
static (inside,outside) 203.84.23.228 192.168.1.12 netmask 255.255.255.255
static (inside,outside) 203.84.23.229 192.168.1.13 netmask 255.255.255.255
static (inside,outside) 203.84.23.232 192.168.1.58 netmask 255.255.255.255
static (inside,outside) 203.84.23.233 192.168.1.74 netmask 255.255.255.255
static (inside,outside) 203.84.23.230 192.168.1.22 netmask 255.255.255.255
static (inside,outside) 203.84.23.235 192.168.1.78 netmask 255.255.255.255
static (inside,outside) 203.84.23.227 192.168.1.1 netmask 255.255.255.255
access-group 100 in interface outside
access-group outbound in interface inside
route outside 0.0.0.0 0.0.0.0 203.84.23.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username eastern password 4FsAsQ9qHIX/yaV/ encrypted
username worldvision password FZIm6HFr1iuxwOIv encrypted
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.1.10 255.255.255.255 inside
telnet timeout 15
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:84b5f7ba0b9c691e57f1d62f5547fdaa
: end
```
Registered User
Join Date: Apr 2008
Posts: 2
OS: xp
Re: pix firewall problem if it has dhcp server running
Any advice?
I have tried nat (inside) 1 192.168.1.0 255.255.255.0 but it still has a problem? Could it be the DHCP server and not the PIX firewall? I cannot connect remotely to the PIX since it is located on another floor.