Need some help with a pix firewall

nraley · 10-06-2009, 12:08 PM

I have recently been thrown into the middle of configuring a pix firewall for a client and don't have any of the documentation for the previous configurations or anything.

That being said, after some extensive digging I managed to make out the layout of the system and get into each of the pix firewalls to make my necessary adjustments.

I am supposed to set this firewall up for a client to allow access from a given public IP address to be forwarded to a private IP address of a server on the other side of 2 pix firewalls.

Now, I believe I have the settings set up correctly, but I'm having a problem with assigning the server a static IP address.

Currently the pix is setup as a DHCP server and is handing out IP addresses. I took one of the IP addresses that was within its range, and actually assigned to the server automatically through DHCP, kept all the other settings the same (subnet mask, default gateway, dns server) and set the IP address of the server machine to the IP address it had been assigned by the PIX.

This works fine for about 2 minutes and then the machine loses connectivity to the Internet.

Any ideas why this isn't working? Nothing has changed from the information it pulls automatically when set to get the information automatically and what I have forced on the machine. I just can't make the appropriate settings if I can't keep this server as having the same IP and really have no idea why this isn't working.

Please help.

nraley · 10-06-2009, 03:43 PM

One other thing.

I realized I had created my access-list but totally forgot to apply it to the outside interface.

Assuming I have this:

access-list outside_access_in
access-list outside_access_in permit tcp any host xxx.xxx.xxx.xxx
access-list outside_access_in permit udp any host xxx.xxx.xxx.xxx

static (inside,outside) xxx.xxx.xxx.xxx aaa.aaa.aaa.aaa netmask 255.255.255.255 0 0

where aaa.aaa.aaa.aaa is the ip of my server, then everything coming from the outside to xxx.xxx.xxx.xxx will be forwarded to the machine at aaa.aaa.aaa.aaa correct?

I need tcp, udp, and html and shtml to be allowed to pass to and from the server machine on the other side of the firewall.

**bilbus** · 10-12-2009, 03:40 AM

Why not use the web interface if you are having issues with commands.

10-06-2009, 12:08 PM	#1 (permalink)
nraley Registered User Join Date: Oct 2009 Posts: 2 OS: vista	Need some help with a pix firewall I have recently been thrown into the middle of configuring a pix firewall for a client and don't have any of the documentation for the previous configurations or anything. That being said, after some extensive digging I managed to make out the layout of the system and get into each of the pix firewalls to make my necessary adjustments. I am supposed to set this firewall up for a client to allow access from a given public IP address to be forwarded to a private IP address of a server on the other side of 2 pix firewalls. Now, I believe I have the settings set up correctly, but I'm having a problem with assigning the server a static IP address. Currently the pix is setup as a DHCP server and is handing out IP addresses. I took one of the IP addresses that was within its range, and actually assigned to the server automatically through DHCP, kept all the other settings the same (subnet mask, default gateway, dns server) and set the IP address of the server machine to the IP address it had been assigned by the PIX. This works fine for about 2 minutes and then the machine loses connectivity to the Internet. Any ideas why this isn't working? Nothing has changed from the information it pulls automatically when set to get the information automatically and what I have forced on the machine. I just can't make the appropriate settings if I can't keep this server as having the same IP and really have no idea why this isn't working. Please help.

10-06-2009, 03:43 PM	#2 (permalink)
nraley Registered User Join Date: Oct 2009 Posts: 2 OS: vista	Re: Need some help with a pix firewall One other thing. I realized I had created my access-list but totally forgot to apply it to the outside interface. Assuming I have this: access-list outside_access_in access-list outside_access_in permit tcp any host xxx.xxx.xxx.xxx access-list outside_access_in permit udp any host xxx.xxx.xxx.xxx static (inside,outside) xxx.xxx.xxx.xxx aaa.aaa.aaa.aaa netmask 255.255.255.255 0 0 where aaa.aaa.aaa.aaa is the ip of my server, then everything coming from the outside to xxx.xxx.xxx.xxx will be forwarded to the machine at aaa.aaa.aaa.aaa correct? I need tcp, udp, and html and shtml to be allowed to pass to and from the server machine on the other side of the firewall.

10-12-2009, 03:40 AM	#3 (permalink)
bilbus TSF Enthusiast Join Date: Aug 2006 Posts: 949 OS: OS2 Warp	Re: Need some help with a pix firewall Why not use the web interface if you are having issues with commands.