Typical configuration for Pix501 after router

Our network topology is:
  wire from street  -> cable modem   -> router  ->  computers
The router is a simple Netgear wireless router. We want to install a Pix501 firewall for one of the computers only (can't do it for all computers for a complicated reason). So we want it to look like this:
  wire from street  -> cable modem   -> router  -> Pix501 ->  one computer
The router uses IP addresses 192.168.1.x. We installed the Pix501 as shown above, but no matter what configuration we try, it is not working.
I've searched high and low through this forum for typical configuration to use in the Pix501. I've also read the official Cisco configuration guide at
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html ... but they all seem to discuss topologies where the Pix501 is between the cable modem and the router.
Can someone point me to a reference document that suggests a typical Pix501 configuration setting for where the Pix501 is between the router and computer? Once I get a good starting point, I'm sure I can take it from there. Thanks!

Hi,
If your aim is to just simply allow outbound traffic from the user behind the PIX to the Internet then there should not be that many things to configure on the PIX.
It would either have a static "outside" interface configuration with a static default route configuration pointing towards the Router gateway interface in the network 192.168.1.0/24.
If you have the PIX using DHCP then it will probably get the IP address and default route from the Router automatically.
Next you would have to make sure you have configured Dynamic PAT for the user so its connection will show up coming from the 192.168.1.0/24 address space to the Router. Otherwise it might be visible to the Router with its original IP address and naturally the connections wouldn't work.
I guess you could always share the current configuration and let us see if there are any problems there. The software version and the device itself are pretty old though. Pretty ancient configuration format.
- Jouni
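
A minimal PIX OS 6.3 starting point for the topology in the question, following the steps in the reply above (outside address and default route from the router, Dynamic PAT for the inside host). This is an added example, not a configuration posted by either participant; the inside subnet 10.10.10.0/24, the DHCP pool, and the addresses in the commented static alternative are assumptions.

```cisco
: Added example for PIX OS 6.3; addresses marked "assumed" are not from the thread.
: outside = ethernet0 (cabled to a LAN port on the Netgear router)
: inside  = ethernet1 (the one protected computer)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100

: Outside: take the address and the default route from the router's DHCP server
ip address outside dhcp setroute
: Static alternative (assumed router address 192.168.1.1, assumed free address .250):
:   ip address outside 192.168.1.250 255.255.255.0
:   route outside 0.0.0.0 0.0.0.0 192.168.1.1 1

: Inside: must NOT overlap the router's 192.168.1.0/24. The PIX 501 factory
: default inside address is 192.168.1.1/24, which collides in this topology.
ip address inside 10.10.10.1 255.255.255.0

: Dynamic PAT: inside hosts leave with the PIX outside interface address,
: so the router only ever sees a 192.168.1.x source
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

: Give the computer an address and gateway; pass on DNS learned on the outside
dhcpd address 10.10.10.2-10.10.10.33 inside
dhcpd auto_config outside
dhcpd enable inside
```

After applying it, `show ip address outside dhcp` should list a lease in 192.168.1.0/24, and `show xlate` should show PAT entries once the computer generates traffic.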

Similar Messages

  • Cisco works LMS 3.0.1 does not archive configuration for cisco 7201 router

    Hi All,
    We have Cisco works LMS 3.0.1 and it does not archive configuration for cisco 7201 router.
    Any help would be appreciated.
    Thanks in advance
    Samir

    Hi,
    *** Device Details for d0151-100 ***
    Protocol ==> Unknown / Not Applicable
    Selected Protocols with order ==> TFTP,SSH,HTTPS
    Execution Result:
    Unable to get results of job execution for device. Retry the job after increasing the job result wait time using the option:Resource Manager Essentials -> Admin -> Config Mgmt -> Archive Mgmt ->Fetch Settings
    This is the error while doing sync archive.
    I am not sure about Rtr7000 version but we have latest Rtr7000.
    Waiting for your kind reply.
    Samir

  • Optimal configuration for Cisco E3000 Router

    Hi All,
    Following are the details of my current home network setup, I would like to hear more recommendations and drawbacks of this setup.
    ISP has provided with a Cisco DPC3825 DOCSIS 3.0 Gateway which has 4 Ethernet ports and a wireless networking but only 2.4 GHz. This router is connected to the cable CPE box to internet. I have enabled the Firewall features of this router and disabled the Wireless network. This has also the DHCP server running.
    The Second router is a Cisco E3000 which supports 2.4 GHz / GHz wireless networking. Connection to gateway is made via the 1st Ethernet port of gateway and then to the Internet port of E3000 router. I have connected my wireless devices to E3000 with GHz wifi lan. This router also has the firewall activated and DHCP server running as well.
    Both routers have WEP2 Personal / AES security configured. Currently these two devices are on two different IP ranges ..etc gateway is 192.168.0.1 and e3000 is 192.168.1.1.
    The E3000 is primarily configured for my online video for TV (Panasonic Vireacast). Please let me know if this is the best configuration or any other possible options.
    Thanks,
    RG

    This configuration is called LAN to WAN configuration and this is the best configuration considering that you want both routers to behave as routers.
    Because the other configuration would be LAN to LAN, then you can only use 1 router as a router and the 2nd router as a switch.
    http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&docid=529c188bc0ee4f7da79ffc22f2be33ec_4579.xml&pid=80&r...
    The first configuration in the article is LAN to LAN, scroll down the window for LAN to WAN configuration.

  • Unsure of proper configuration for SF300-24 & router

    Hello,
    Our company lost a switch and replaced it with a SF300-24. The other components are a Westell modem and an Amped Wireless R10000G router.
    The current configuration has the Westell DLS modem going into the R10000G router, the router is the DHCP server and from there it is plugged into port 1 of the switch (DHCP is off on the switch).
    I am not sure who set this up but apparently we have no one around that is able to fix the situation.
    So the problem is the computers on the network randomly drop off the network during the day and sometimes upon booting them up in the morning won't even see the local network. If I unplug the R10000G and then plug it back in, that fixes the problem for a few hours but then sooner or later the computers randomly drop off.
    There is one network printer set to a static IP address. It never seems to have an issue. I have tried setting some of the computers to static but they still have connection issues at some point.
    Would anyone have some suggestions on how this configuration "should be" properly set up?
    Thank you for your time and help,
    Matt

    I checked the spanning tree area and there are many interface settings none of which came right out and had a port fast option.
    However under STP Status & Global Settings there were the following options.
    Global Settings:
    Spanning tree state: Enabled
    STP Operation Mode:
    Classic STP
    Rapid STP (currently checked)
    Multiple STP
    BPDU Handling:
    Filtering
    Flooding (currently checked)
    Path Cost Default Values:
    Short
    Long (currently checked)
    Bridge Settings:
    Priority: 32768
    Hello Time: 2sec
    Max Age: 20sec
    Forward Delay: 15sec
    Thanks again for your time!
    Matt

  • Best configuration for a LinkSys Router

    I've had the best wifi signal using a new LinkSys E3000 router, but it's varied depending on the band/channel. Can anyone else with a LinkSys router recommend settings that work best with an iPad?
    Here's mine:
    LinkSys E3000
    5GHz
    N-only
    20MHz channels
    Static IP, using DHCP reservation
    36-48 channels
    SSID broadcast enabled

    Let me know the distance between wrt54gs router and the access point...
    If the distance is 60 to 70 feet you may try this...Though AP Client will only work with another WAP54G you may still try this...This set up will not work if you try to communicate the WRT54GX2 router with WAP54G, so you need to configure the WRT54GS router with WAP54G...
    1) Connect the WRT54GS router to the modem and configure the WRT54GS router for internet access...Once you are done configure your Access Point in Access Point Client Mode...For this you need to log in to your wrt54gs router and go to status tab, click on Wireless subtab under Status...Note down the MAC Address...
    2) Now access the set-up page of your Access Point, click on AP Mode and select AP Client and in the Remote Access Point's LAN MAC Address field type the Wireless MAC Address you took note in Step1 and click Save Settings...
    3) Match the Wireless Settings and IP Address settings on both the devices(WRT54GS and WAP54G)...
    4) Connect the WAP54G on the LAN/ETHERNET Port of the WRT54GX2 router and disable its DHCP...Change the Wireless Settings on the WRT54GX2 router and connect your wireless clients to the router...See if this works...

  • Have reformatted my iMac using original discs (installed leopard (10.5)) tried to do the software update but it can't download the iTunes update and when it gets to the configure update screen after restart for main update, it just gets stuck. HELP!

    Have reformatted my iMac using original discs (installed leopard (10.5)), tried to do the software update but it can't download the iTunes update and when it gets to the configure update screen after restart for main update, it just gets stuck. HELP!
    The configure bar gets about 1/8 full and then just does nothing. I think it lists the update as combo update? Can't remember without checking.
    I have tried to do the disk verify and repair but this has made no difference.
    Please let me know what I need to do. I have reformatted the Mac just to start over as it was clogged with a lot of useless data. I had installed Lion (10.7) from the App Store previously and now can't seem to find a way to reinstall Lion. I hope I don't need to pay for it again?

    If you erased your hard drive, you'll need to reinstall OS X 10.6 Snow Leopard to access the App Store. You won't have to pay for OS X 10.7 Lion again. Did you try booting to the recovery partition by holding the command and r keys down? If that's still there, you can reinstall OS X 10.7 from there.
    If you're looking to install the current iTunes, you need OS X 10.6.8 at a minimum.
    If you're still trying to update OS X 10.5 Leopard, you can download the combo update from here. Download, use Disk Utility to repair permissions, apply the update, then repair permissions again. That will take you to OS X 10.5.8.

  • What's "SAVE" configuration command for Cisco switch/ router?

    What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well,
    but so long, any other command that easy to remember?

    Yes, here: Switch#write, and want to know more about the Cisco switch, please visit: http://www.3anetwork.com/cisco-switches-price_c1

  • LZW 4G LTE Router Configuration for Cisco 881W (Teleworker, VPN)

    I can't get the configuration of the router to allow traffic on my company's VPN. The router is connected to the internet and otherwise works fine but whenever I attempt to connect via Cisco AnyConnect or the Cisco router, I can connect but can't access any intranet resource, email, etc. In essence, I can authenticate but can't do anything.
    I've tried contacting NetGear and they referred me to Verizon. I contacted Verizon and Technical Support does not have any information about how to configure their own routers. I'm waiting to hear back from an escalation group in my company's technical support.
    I tried opening ports for UDP/TCP already and I attempted to create a static route but the router tells me that my info is incorrect (but I have no idea what is wrong either).
    Has anyone come across a similar situation or could help point me in a direction towards a solution?
    Thanks.

    Check with the network administrators for your company. They should be able to confirm the version of your Cisco AnyConnect VPN and the requirements that it needs to open and sustain a tunnel. Once you learn the requirements you can come back to the VZW forums for assistance on configuring your device.
    Normally when a VPN authenticates but does not allow any communication it means that there is a port, firewall rule or NAT feature conflict somewhere on the local network. For example, the old Cisco IPSec VPN requires UDP ports 500/4500, IP 50 and TCP 10000 to be open in addition to NAT-T enabled on the VPN server. Your company may have customized the VPN for their environment so you really need the details before you can move forward.
    A good link I like to save for instances like this (old Cisco VPN):
    http://www.canvassystems.com/blog/articletype/articleview/articleid/14/how-to-fix-cisco-vpn-client-error-412.aspx

  • Ipx configuration for router 2800

    please help me to have ipx configuration for router 2800 work with novel ver4 server.

  • 6602: Want to route a dedicated DIO (0-7) Line configured for output to a RTSI line

    PXI-6602: I want to use a dedicated DIO (0-7) line configured for output to trigger all 8 counters on the 6602 card. The counters are configured for two-signal-edge-separation measurement. I Have tried to use Route-Signal.vi to route PFIn (0-7) to RTSI bus with no luck.

    You should be able to trigger counters on the 6602 using the Digital Lines DIO (0-7).
    Use the Set Attribute VI and set the attribute value type to Enabled and attribute ID to Start Trigger.
    Wire the output of Set Attribute Task ID to the Task ID input of the Route Signal VI. Select the start trigger for the Signal Name input, PFI n for Signal Source input and PFI line Number for Signal Source Line Number input. Try this and see if this works.
    Regards,
    Bharat Sandhu
    Applications Engineering
    National Instruments."
    Penny

  • Require to configure CUCM and Gateway router PRI for 200 users

    Hi all,
    My current scenario is like this:
    We have two CUCM servers (7.1) in redundancy. One is publisher and other is subscriber. We have a gateway router 2921 with a single PRI card. We have 200 IP Phone users. Currently the problem is we have only 30 telephone lines. So with the help of DID configuration, we assign thirty ports to thirty users. Now these thirty users are able to make an outbound call and receive an inbound call. Now I also want to create a pattern in which we dedicate 10 channels for other 120 users to make an outbound call. And restrict 50 users to not make an outbound call. So we require such a scenario.
    Total 200 Users:
    1. First 30 users. Able to make an outbound call and also able to receive an inbound call.
    2. Next 120 users. Able to make an outbound call. But not able to receive an inbound call because of PRI restriction. Because we only have thirty numbers. Dedicate 10 channels for them.
    3. Last 50 users. Not able to make an outbound call. And also not able to receive an inbound call.
    So I need the configuration of the gateway router and PRI. And also of CUCM in which we could define such a pattern.
    Regards,
    Ali Raza

    Ali,
    The outbound call restrictions can be implemented using the CUCM Calling Search Space configurations.  A basic example to illustrate:
    Partition 1:  internal_pt   (only internal patterns)
    Partition 2: phones_pt (ip phones on your network)
    Partition 3: pstn_pt (off net patterns/external)
    CSS1: Offnet_css
    internal_pt
    phones_pt
    pstn_pt
    CSS2: Onnet_css
    internal_pt
    phones_pt
    You place all patterns that can reach off net in "pstn_pt". Phones that are using CSS2 cannot reach off net. The above example is leveraging the device CSS for all call routing decisions. Using this approach, you would assign "onnet_css" to phones that can only dial internally. NOTE: I am just using a basic example here and not suggesting you use this PT/CSS config "as is".
    There is another approach where you "allow" all patterns on a device and "restrict" on the line. For example:
    Partition 1:  internal_pt   (only internal patterns)
    Partition 2: phones_pt (ip phones on your network)
    Partition 3: pstn_pt (off net patterns/external)
    Partition 4: block-pstn_pt (blocking patterns for pstn)
    CSS1: AllPhones_css
    internal_pt
    phones_pt
    pstn_pt
    CSS2: restrict-pstn_css
    block-pstn_pt
    Again, pstn_pt contains all pstn patterns.  The block-pstn_pt would also contain off net patterns. The difference is that in the block-pstn_pt all patterns would have the "Block this pattern" flag enabled. All phones would have a Device Level CSS of AllPhones_css.  Phone lines where you wanted to restrict off net dialing would have a Line Level CSS of restrict-pstn_css.
    Just a quick refresher, when a phone LINE goes off hook to dial the CUCM is using the "Line Level CSS" + "Device Level CSS" to make the routing decision.  So, assume Line 1 on Phone A has restrict-pstn_css and the phone Device Level CSS is AllPhones_CSS. The Effective Search Space is:
    1. block-pstn_pt
    2. internal_pt
    3. phones_pt
    4. pstn_pt
    So, if we assume that block-pstn_pt contains patterns that override patterns in pstn_pt then you can effectively block off net access to Phone A, Line 1.
    Why would this be a good approach?  Well, what if you had a need to restrict Line 1 on Phone A but allow Line 2 on Phone A.  Using line level restrictions is much more flexible. Especially if you have more than 2 options you need to consider.
    As far as inbound restrictions. If a phone line doesn't have a DID then you have achieved your objective.
    The part I can't answer is reserving 10 specific channels for one group of users. I do not believe this is possible.
    HTH.
    Regards,
    Bill

  • Linksys Easy Link Advisor for WRT310N Wireless Router after upgrading to Windows 7 (64bit)

    I can't reinstall Linksys Easy Link Advisor for WRT310N Wireless Router after upgrading to Windows 7 (64bit).  When I went to Linksys site for solution for new drivers, it asked me for Hardware Version Number.  This model doesn't show one.  Any thoughts?
    Thanks!

    Sabertooth is right. If you are able to go online from your Router then you don't need to install LELA software on your Computer.

  • Prerequisites for SNC SAP router

    I want to configure SAP router in my system (intranet) which is not having any public IP. What are the prerequisites for configuring SNC SAP router?

    Hi,
    There are many prerequisites for SAP SNC router:
    1) one system with Windows
    2) one public IP, i.e. compulsory
    After the public IP you have to fill in the data sheet and send it to SAP
    with your system name and public IP.
    After that you have to download the
    sacar file for installing SAP router (latest version)
    and
    one OSS user ID and password.
    For the crypto file just go to the link below:
    https://websmp210.sap-ag.de/~form/handler?_APP=00200682500000000917&_EVENT=DISPLAY
    Download the latest version according to your operating system
    and make a directory,
    e.g. drive://usr/sap/saprouter
    Uncar your latest version here and start the SAP router installation.
    Best of luck

  • Best 5GHZ n-only configuration for AEBS?

    Hi all,
    I'm trying to find the best configuration for my AEBS. I have a number of MBPs and MBs in my house but they all get terrible range. The speed is good when it's within about 30-40 feet, but it just drops off right after that. I've got a good amount of cemented walls so I'm sure that's affecting it some, but I'm fairly disappointed that I can't even get 100 feet of range. These are the settings from the Airport Utility:
    Radio Mode: 802.11n only (5GHZ)
    Channel: Automate
    Wireless Security: RADIUS
    Country: US
    Multicast Rate: 6 Mbps (should I up this to 24 Mbps?)
    Transmit Power: 100%
    Use wide channels: Yes
    Is there anything else I should be trying, or am I just expecting too much? I've got a few other routers that I've souped up with antennas and weatherproof enclosures, but I prefer Apple gear whenever possible. Thanks!

    Really? I wasn't aware of that. Every review I've seen said that the 5GHZ n mode gave far better range and speed than a 2.4/g router. I've got three other routers running on the 2.4 band for the machines that don't have n-compatible cards, so I'm out of channels.
    But I'll run some tests with it in 2.4-only mode. That definitely follows the behavior I've noticed of my 2.4 routers getting better range than this one.
    Thanks!

  • Re: BulletinBoard and configuration for Touchpad

    Win7 x64
    L505-10M
    There were all sorts of problems after a Windows security update a few months ago for this system.
    I had to put a backup of C:\ back, but various functions did not work.
    I have most of them working again now. I installed Flashcard again but Bulletin Board and configuration for Touch pad are still missing.
    Mouse drivers are HID-mouse and PS/2 version: 6.1.7600.16385 of Microsoft.
    I downloaded Touch Path Driver-20091202155841.zip but this cannot be installed.
    C: \Program Line\TOSHIBA\Bulletin Board is present but probably damaged and not present in Windows Start-menu\Toshiba.
    How can I repair this?
    arnold12

    I understand you that recovery installation is your last step and possibility.
    What kind of backup do you have? How have you created this backup?
    Obviously you have problems with typical Toshiba stuff so I don't understand what kind of backup you use. Was your preinstalled OS screwed up and you tried to install the backup?
    Anyway, for Bulletin Board, try to check the Toshiba download page and install ReelTime for your notebook model, if it is offered.
    What is wrong with the touch pad driver? Why can't you install it? Can you see some error message?
    Have you tried to install both offered touchpad drivers? Which one cannot be installed?
