One of the greater popular firewall merchandise for the small business marketplace is the Cisco PIX 501. Out of the container it calls for just a few configuration entries and you’re up and jogging.
In this guide, we will stroll thru the stairs for configuring your modern pix at the network area.
This guide is written for the buyer who has no information of the PIX firewall. As such, it isn’t a treatise on community protection, however a short, with the aid of-the numbers manual to configuring a PIX firewall with as little jargon as viable.
We are assuming that you have an internet connection with at least one static IP address. While the PIX can easily take care of a dynamic IP cope with (this is the default configuration), you might not be capable of without problems configure remote get entry to, VPNs, Mail, or internet servers with out a static IP address.
Your PIX ought to have come with an AC adapter, a yellow CAT 5 cable, an orange CAT5 cable and a flat, (usually) child blue cable with a nine-pin serial connector on one give up and an RJ-45 plug on the opposite.
The yellow CAT5 cable is a widespread Ethernet cable and is used to connect your laptop or server to the 4-port Ethernet transfer built into the PIX. The Orange CAT5 cable is a cross-over cable and can be required to connect the outdoor interface of the PIX to your ISP’s router (in case your PC’s or workstations are plugged into a Cisco transfer inside the network, you’ll additionally require a move-over cable for connecting to one of the switch ports at the PIX).
What we are going to use for our configuration is the infant blue rollover cable. Insert the serial jack into one of the serial ports at the again of the PC or pc you may be used to configure the PIX. Then, insert the RJ-45 plug into the port at the returned of the PIX classified “console.”
Windows has a constructed in software this is used for (amongst different things) configuring serial gadgets. Using the begin menu, visit Start > Programs > Accessories > Communications > Hyper Terminal.
Choose the Hyper Terminal application. You may additionally get a dialog field asking in case you’d like to make Hyper Terminal your default telnet utility. Unless you have a choice, pass in advance and pick out yes.
Then you’ll be asked for the place code from that you are dialing, even though it isn’t always applicable right here, the program still wants to understand, so fill it in and click on ‘next’ or ‘ok.’
You can call the connection whatever you’d like; in this example, we’re going to use PIX. Click ‘ok’ to transport on.
Next, we’re going to be asked to go into the details for the telephone variety we would want to dial. Since we are not dialing a smartphone variety, use the drop-down selector at the lowest of the container to pick COM1 or COM2 (whichever is applicable). If you don’t have any idea which one is which, you could need to try it each method.
Now, you’ll be predicted to tell the application a few specifics approximately the port settings so that it is able to successfully speak with the PIX.
Luckily, it is not too complex, simply recall 9600, eight, none, and 1. Enter these settings into the drop-down selectors of the box to your display screen.
Now we’re prepared to set up the PIX. Insert the energy cable and you will be greeted with the startup monologue (it is now not a conversation in this situation; it’s simply informing you of what’s going on).
Then, you will be greeted with a screen that asks in case you’d like to program the PIX the use of interactive activates. For the purpose of this exercising, type no and click on ‘input’.
You will now get a activate that looks as if this:
Type the phrase ‘enable’ (no charges), when brought about for the password, just click ‘input’ as the default is no password.
The spark off has modified to a hash mark:
Type the phrase ‘configure terminal’ (no rates); you are telling the PIX which you need to go into the worldwide configuration mode and you may be doing all of your configuration thru the terminal window.
Your spark off will now appear like this:
The first issue we want to do is give your pix a bunch name. The PIX command syntax is:
Thus, to set the hostname we are able to enter:
pixfirewall(config)# hostname mypix
Now, the domain name; it’s alright if you do not have a website installation on your network, you could name it anything you want. However, give a few thought to whether or not a domain might be a opportunity in some unspecified time in the future and plan your naming scheme appropriately.
Pixfirewall(config)# area-name mydomain.Com
As you may see from the configuration above, the ethernet0 interface is the outdoor interface, with a security placing of 0, at the same time as ethernet1 is the inside interface with a protection setting of a hundred. Additionally, you could see that the interfaces are shutdown. All we want do to convey them up is enter the velocity at which they must operate. As they’re Ethernet interfaces, any software program version after 6.Three(3) will take 100full, prior to that, use 10full.
Pixfirewall(config)# interface ethernet0 100full
pixfirewall(config)# interface ethernet1 100full
Now to assign an deal with to the outside and inside interfaces; the IP address command sets the IP to cope with of an interface. The syntax is as follows:
Ip deal with
An example might be as follows:
Ip cope with outdoor
pixfirewall(config)# ip deal with out of doors 188.8.131.52 255.255.255.252 (this IP address, netmask combination should no longer be used, it’s miles proven right here for example most effective. Use the IP deal with/masks given to you with the aid of your ISP).
Then the inner IP address
IP deal with inside
pixfirewall(config)# Ip deal with interior 192.168.Zero.1 255.255.255.0
A short word about IP addressing is in order right here.
One way this is used to preserve public IP addresses is thru the usage of non-routable IP addressing blocks specified in RFC 1597. You can also once in a while listen to them called “private” IP addresses, which is fine, however no longer quite technically correct. There are three exceptional blocks to select from:
10.0.0.Zero – 10.255.255.255 with a netmask of 255.0.Zero.Zero
172.16.0.Zero – 172.31.255.255 with a netmask of 255.255.0.0
192.168.0.Zero – 192.168.255.255 with a netmask of 255.255.255.0
so long as your inner network’s IP addresses are all inside one of these blocks of deal with the area, you will now not need to introduce the complexity of routing within your LAN. An example scheme for folks that are not acquainted is shown beneath:
PIX – 192.168.Zero.1 netmask 255.255.255.0
File/DHCP server – 192.168.0.2 netmask 255.255.255.Zero
Workstations – 192.168.0.10 – 192.168.0.254 netmask (each) 255.255.255.0
* I intentionally left out the 192.168.0.3-nine addresses to devise for future expansion and the possible want for added servers, you don’t should do this.
* Configure your DHCP server to hand out addresses in the targeted block the use of your ISP-furnished DNS servers for name decision. Make certain to exchange this should you ever determine to install a name server within your personal community.
* If you don’t need to install a DHCP server, just configure each PC with the IP cope with, default gateway, netmask & DNS servers
It is very critical now to feature a default path to the PIX configuration. Another time period for default direction is the “default gateway.” You want to inform the PIX that if it receives site visitors destined for a community that isn’t without delay related, it has to send it to the connected ISP router. Your ISP needs to have given you the IP address of your default gateway when you obtained your setup facts.
Here is the syntax:
The English translation is “if packets destined for the interface at the network exact with the aid of community address are bounded by mask then direction it via a next hop on the elective command is used to offer an illustration of distance.
pixfirewall(config)# Route outside 0 0 1
(if packets are destined outdoor the community to any IP cope with any netmask, ship them via the ISPs default gateway, that is one hop away, meaning it’s far the tool to which the PIX is attached at the outside interface).
To password protect your PIX on the way to save you unauthorized get admission to, use something this is relaxed and tough to bet. Try to live faraway from the names of spouses, children, pets, birthdays or different effortlessly guessed variable. Whenever possible, use a aggregate of letters and numbers. The syntax is as follows (but please do not use Cisco as your real password)
pixfirewall(config)# Passwd cisco (note the abbreviated spelling of the phrase password) this can set a password for basic get admission to (remember the pixfirewall> set off?)
pixfirewall(config)# Enable password cisco this will set the password for administrative get entry to
Now that your PIX has been given a fundamental configuration, you need to be capable of get entry to the net, while preventing unauthorized get entry to on your assets.