Re: PIX FireWall and SBS
From: Duane Murphy (duane_at_m-i-s.com)
Date: 02/19/05
- Next message: Wes: "Re: SBS 2003 migration to a new hardware"
- Previous message: Henry Craven [SBS-MVP]: "Re: SBS 2003 continuous restart loop."
- In reply to: Duane Murphy: "Re: PIX FireWall and SBS"
- Next in thread: Duane Murphy: "Re: PIX FireWall and SBS"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 19 Feb 2005 12:59:13 -0800
Thanks guys, I guess I treied at the begining and at the end of the
outage... Thanks...
"Duane Murphy" <duane@m-i-s.com> wrote in message
news:%23kpZzorFFHA.560@TK2MSFTNGP15.phx.gbl...
>I have tried opening the website for 2 days now and it seems to be dead.
>Any alternate address to get the mentioned informaiton?
>
> "Stuart Mackie [MCSE MCSA]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
> wrote in message news:%23OGmfXbFFHA.2676@TK2MSFTNGP12.phx.gbl...
>> Hi Duane. I would advise using the dual nic setup with SBS2k3 and the
>> PIX. Its unfortunate you are unable to use ISA since you will have no way
>> in controlling access to the internet. www.smallbizserver.net has
>> example network configurations for two nics and a router which will show
>> the IP requirements. You server would be configured to use the PIX as a
>> gateway, and the workstations would use the server internal nic as a
>> gateway.
>>
>> PIX -- Server Ext Nic
>> |
>> Server Int Nic -- Switch -- Workstations
>>
>>
>> To configure your PIX for use with a DSL PPoE DHCP connection use the
>> commands below in CONFIG mode :
>>
>> ip address outside pppoe setroute
>> ip address inside 192.168.1.1 255.255.255.0
>> vpdn group ISP request dialout pppoe
>> vpdn group ISP ppp authentication pap
>> vpdn group ISP localname [dsl-username]
>> vpdn username [dsl-username] password [dsl-password]
>>
>> global (outside) 1 interface
>> nat (inside) 1 192.168.1.1 255.255.255.0 0 0
>>
>>
>> Replace the dsl-username and dsl-password with appropriate details from
>> your ISP. The IP addresses referring to the internal side of the PIX may
>> also need to change depending on what you are currently using.
>>
>> If Earthlink do not use PPoE the configuration above won't be usable.
>>
>>
>> If you would like to post your current configuration before making any
>> changes I will post the list of commands to use rather than just the
>> whole configuration ? (at the CLI type 'show running' remove any
>> usernames or passwords before posting)
>>
>> --
>> Hth,
>> Stuart Mackie
>> www.stu.uk.com
>> MCSA: & MCSE: Security
>>
>>
>> "Duane Murphy" <DuaneMurphy@discussions.microsoft.com> wrote in message
>> news:954C5DBA-D5C8-4509-BC17-65D7370C6028@microsoft.com...
>>> We have a single NIC in the server.
>>> The dsl as I understand in ethernet in, provided by Earthlink. (Will
>>> verify
>>> more Friday AM when I confrence with the installing engineer of the DSL)
>>> Most of the configureation has been done via the Web Interface. I have
>>> no
>>> issue with the CLI if I know what commands to issue.
>>>
>>> "Stuart Mackie [MCSE MCSA]" wrote:
>>>
>>>> Hi Duane. Cisco Support is absolutely great, but I'm a little unsure
>>>> if
>>>> they haven't misunderstood your problem. As far as I understand a PIX
>>>> can
>>>> handle a dynamic external IP without having to act as DHCP for the
>>>> internal
>>>> network.
>>>>
>>>> Can you provide more information on how many network cards you have in
>>>> your
>>>> server, and the configuration requirements of your DSL line such as
>>>> PPoE or
>>>> PPoA etc ? Also, how are you configuring the PIX, through the web
>>>> interface
>>>> or via the CLI ?
>>>>
>>>> --
>>>> Hth,
>>>> Stuart Mackie
>>>> www.stu.uk.com
>>>> MCSA: & MCSE: Security
>>>>
>>>>
>>>> "Duane Murphy" <DuaneMurphy@discussions.microsoft.com> wrote in message
>>>> news:EA2B62F5-CE8C-4696-9994-DB6D2D3831AE@microsoft.com...
>>>> > We have a single DSL connection terminating to a Cisco PIX box with a
>>>> > Dymanic
>>>> > IP on the out side, and according to Cisco need to provide DHCP to
>>>> > all
>>>> > inside
>>>> > machines (2 workstations & 1 Win2K3 Single honed Server)
>>>> >
>>>> > When I let the PIX box provide DHCP the everybody can see the
>>>> > internet and
>>>> > initially the Win2K3 server via IP. We can NOT see the MyCompany
>>>> > Website,
>>>> > and
>>>> > we see delays when trying to open documents 3-4 minutes.
>>>> >
>>>> > When we Enable DHCP on the Win2k3 server we can access the MyCompany
>>>> > Website, and docs seem to open imeadietely, however we lose access to
>>>> > the
>>>> > web.
>>>> >
>>>> > Cisco tells me that because of the Dynamic IP on the outside of the
>>>> > Firewall
>>>> > it must provide DHCP to the internal stations, or the firewall block
>>>> > traffice
>>>> > from going out. We have put in a request for a Static IP but that
>>>> > will not
>>>> > be
>>>> > provisioned for up to 3 weeks.
>>>> >
>>>> > Any suggestions? I was told maybe an entry in the host file on the XP
>>>> > workstations pointing back to the Win2K3 server?
>>>> >
>>>> > Thanks Duane
>>>>
>>>>
>>>>
>>
>>
>
>
- Next message: Wes: "Re: SBS 2003 migration to a new hardware"
- Previous message: Henry Craven [SBS-MVP]: "Re: SBS 2003 continuous restart loop."
- In reply to: Duane Murphy: "Re: PIX FireWall and SBS"
- Next in thread: Duane Murphy: "Re: PIX FireWall and SBS"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
