Re: PIX FireWall and SBS

From: Stuart Mackie [MCSE MCSA] (newsgroups_at_--REMOVE_THIS-NO_SPAM--stu.uk.com)
Date: 02/18/05 

Date: Fri, 18 Feb 2005 12:30:40 -0000

Hi Duane. I would advise using the dual nic setup with SBS2k3 and the PIX.
Its unfortunate you are unable to use ISA since you will have no way in
controlling access to the internet. www.smallbizserver.net has example
network configurations for two nics and a router which will show the IP
requirements. You server would be configured to use the PIX as a gateway,
and the workstations would use the server internal nic as a gateway.

PIX -- Server Ext Nic
                     |
           Server Int Nic -- Switch -- Workstations

To configure your PIX for use with a DSL PPoE DHCP connection use the
commands below in CONFIG mode :

ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
vpdn group ISP request dialout pppoe
vpdn group ISP ppp authentication pap
vpdn group ISP localname [dsl-username]
vpdn username [dsl-username] password [dsl-password]

global (outside) 1 interface
nat (inside) 1 192.168.1.1 255.255.255.0 0 0

Replace the dsl-username and dsl-password with appropriate details from your
ISP. The IP addresses referring to the internal side of the PIX may also
need to change depending on what you are currently using.

If Earthlink do not use PPoE the configuration above won't be usable.

If you would like to post your current configuration before making any
changes I will post the list of commands to use rather than just the whole
configuration ? (at the CLI type 'show running' remove any usernames or
passwords before posting) 

-- 
Hth,
Stuart Mackie
www.stu.uk.com
MCSA: & MCSE: Security
"Duane Murphy" <DuaneMurphy@discussions.microsoft.com> wrote in message 
news:954C5DBA-D5C8-4509-BC17-65D7370C6028@microsoft.com...
> We have a single NIC in the server.
> The dsl as I understand in ethernet in, provided by Earthlink. (Will 
> verify
> more Friday AM when I confrence with the installing engineer of the DSL)
> Most of the configureation has been done via the Web Interface. I have no
> issue with the CLI if I know what commands to issue.
>
> "Stuart Mackie [MCSE MCSA]" wrote:
>
>> Hi Duane.  Cisco Support is absolutely great, but I'm a little unsure if
>> they haven't misunderstood your problem.  As far as I understand a PIX 
>> can
>> handle a dynamic external IP without having to act as DHCP for the 
>> internal
>> network.
>>
>> Can you provide more information on how many network cards you have in 
>> your
>> server, and the configuration requirements of your DSL line such as PPoE 
>> or
>> PPoA etc ?  Also, how are you configuring the PIX, through the web 
>> interface
>> or via the CLI ?
>>
>> -- 
>> Hth,
>> Stuart Mackie
>> www.stu.uk.com
>> MCSA: & MCSE: Security
>>
>>
>> "Duane Murphy" <DuaneMurphy@discussions.microsoft.com> wrote in message
>> news:EA2B62F5-CE8C-4696-9994-DB6D2D3831AE@microsoft.com...
>> > We have a single DSL connection terminating to a Cisco PIX box with a
>> > Dymanic
>> > IP on the out side, and according to Cisco need to provide DHCP to all
>> > inside
>> > machines (2 workstations & 1 Win2K3 Single honed Server)
>> >
>> > When I let the PIX box provide DHCP the everybody can see the internet 
>> > and
>> > initially the Win2K3 server via IP. We can NOT see the MyCompany 
>> > Website,
>> > and
>> > we see delays when trying to open documents 3-4 minutes.
>> >
>> > When we Enable DHCP on the Win2k3 server we can access the MyCompany
>> > Website, and docs seem to open imeadietely, however we lose access to 
>> > the
>> > web.
>> >
>> > Cisco tells me that because of the Dynamic IP on the outside of the
>> > Firewall
>> > it must provide DHCP to the internal stations, or the firewall block
>> > traffice
>> > from going out. We have put in a request for a Static IP but that will 
>> > not
>> > be
>> > provisioned for up to 3 weeks.
>> >
>> > Any suggestions? I was told maybe an entry in the host file on the XP
>> > workstations pointing back to the Win2K3 server?
>> >
>> > Thanks Duane
>>
>>
>>

Relevant Pages

  • Re: cannot access domain or internet with two nic cards active
    ... Netopia router ... If the ISP is controlling the configuration of the Netopia modem-router ... Two Nics, a static IP address, ISA, router ... the server from 1 nic to two nic cards utilizing the firewall services ...
    (microsoft.public.windows.server.sbs)
  • Re: cannot access domain or internet with two nic cards active
    ... Netopia router ... If the ISP is controlling the configuration of the Netopia modem-router ... Two Nics, a static IP address, ISA, router ... the server from 1 nic to two nic cards utilizing the firewall services ...
    (microsoft.public.windows.server.sbs)
  • Re: Help! Clients are off the network.
    ... It appears from a quick read of your last post that you are working properly with two nics. ... They will work in either configuration, but you have to be satisfied that your configuration is what you want and stable. ... I shut down the server and removed the lan side PCI nic. ... Ethernet adapter Server Local Area Connection: ...
    (microsoft.public.windows.server.sbs)
  • Re: Cisco 501 Configuration help.
    ... :I am new to the CISCO IOS, need help configuring a 501 pix firewall. ... :On the lan segment I have 6 machines that need to connect to a server ... :service running on port 6666. ... in the second configuration, the PIX will PAT ...
    (comp.dcom.sys.cisco)
  • Re: cannot access domain or internet with two nic cards active
    ... When you re-ran CEICW, did you enable the firewall, select the serverices, ... If the ISP is controlling the configuration of the Netopia modem-router ... Two Nics, a static IP address, ISA, router ... the server from 1 nic to two nic cards utilizing the firewall services ...
    (microsoft.public.windows.server.sbs)