RE: [fw-wiz] Cisco PiX 501 running 6.2 - Defying me for no reason
From: Josh Welch (jwelch_at_buffalowildwings.com)
Date: 03/18/04
- Previous message: Marcus J. Ranum: "Re: [fw-wiz] Evolution of Firewalls"
- In reply to: Kyle King: "Re: [fw-wiz] Cisco PiX 501 running 6.2 - Defying me for no reason"
- Next in thread: Kyle King: "Re: [fw-wiz] Cisco PiX 501 running 6.2 - Defying me for no reason"
- Reply: Kyle King: "Re: [fw-wiz] Cisco PiX 501 running 6.2 - Defying me for no reason"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Kyle King" <KKing@Bankshill.com>, "FW Wizards" <firewall-wizards@honor.icsalabs.com> Date: Thu, 18 Mar 2004 10:02:58 -0600
Kyle King said:
<snipped config information that Lookout made a jumble of>
> >When I configure one of the computers with the appropriate
> information for
> a
> >static IP, the computer connects to the internet fine (this is when not
> >connected with the PiX between it). However, it requires that I
> supply the
> >DNS servers. When I configure the PiX to access the internet using a
> static
> >IP, no where do I find the command/option to input the DNS servers; and
> >besides that, when I use static IP, the computers behind the firewall
> cannot
> >access the internet.
>
> This turned out to be an issue with our modem. It used MAC address's to
> assign static IPs, so when I transfered the static to the firewall, the
> modem did not like that. A modem reset fixed that issue. However, when I
> use the configuration I have shown above, I can only ping address's from
> both the firewall and PC. I cannot ping names, such as
www.google.ca (which
I use as my test page simply cause i know the address for it
(66.102.7.104)). When I try to ping a name from the PC, it comes back as no
such name exists, and I can't seem to make the firewall ping any name,
possibly due to the way the ping command on the firewall works.
--my comments--
I am a little unclear here, and I'm getting some weird wrapping and quoting
from Lookout so that's not helping. It sounds like your client PC is simply
unable to get DNS working. Are you trying to use your PIX as your DHCP
server and have it issue an IP and DNS server to your client PC? Or is it a
matter of your client PC's DNS requests getting shot down by your PIX?
--end my comments--
Anyway, when I enable the VPN client, all access, including those pings,
stops working. However, according to the little led on the front, I am
connected to the VPN. I don't have access to anything on their end however.
--my comments--
Well, this would make sense in that when the VPN starts up all traffic will
be forced through the VPN unless the vpngroup on the VPN head has split
tunneling set up in it. You also need to find out if you should be running
your PIX in network extension mode or client mode, that's going to have some
impact on how things behave. If all the IP addresses of your client PCs
whould be visible from the remote site, then you want network extension
mode, if you want all your IP's natted to the remote site, you want client
mode.
HTH,
Josh
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Marcus J. Ranum: "Re: [fw-wiz] Evolution of Firewalls"
- In reply to: Kyle King: "Re: [fw-wiz] Cisco PiX 501 running 6.2 - Defying me for no reason"
- Next in thread: Kyle King: "Re: [fw-wiz] Cisco PiX 501 running 6.2 - Defying me for no reason"
- Reply: Kyle King: "Re: [fw-wiz] Cisco PiX 501 running 6.2 - Defying me for no reason"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
