Cisco 501 Pix - Cable Modem - Wireless Router.....

Hi Everyone,

I would appreciate some basic (very basic) suggestions as to how I
might WIRE my network. I am VERY new at this so please be patient with
me.

Here are the components:

A Cable Modem.

A Belkin Wireless Router.

1 Asus PC with a regular hard wired network card

A Cisco PIX 501 firewall. (just purchased used)

1 Gateway PC with a wireless network card.

1 Dell PC with a wireless network card.
------------------------------------------------------------ ----------------------

I have been told several possible ways to configure these components
and I am curious as what people in here might suggest. Please bear in
mind that I am VERY new at this so I am seeking the most basic of
suggestions.

Basically I am looking for a "what to hook up to what" schematic if
that is possible.

Thanks,
ntwrkgy

Re: Cisco 501 Pix - Cable Modem - Wireless Router.....

In article <1162518654.760654.251470@h48g2000cwc.googlegroups.com>,
Network Student wrote:

> I would appreciate some basic (very basic) suggestions as to how I
>might WIRE my network. I am VERY new at this so please be patient with
>me.

>Here are the components:

>A Cisco PIX 501 firewall.

Most PIX 501 configuration information is over in comp.dcom.sys.cisco .

> (just purchased used)

You have a problem: you almost certainly did not receive a license
to *use* the PIX 501. The software is not transferable except under
certain (usually expensive) conditions. Cisco does not sell the PIX
line retail, so their license terms are legally enforceable except
where specific laws override those terms (Germany and Denmark,
possibly a few other countries that I haven't been able to prove as yet.)

In order to legally use the PIX 501 you probably need to "relicense"
it from Cisco. The Cisco part number is LL-PIX-501-SW-10. Prices
vary a fair bit on it; the lowest I see at the moment is $US161,
list price is $US195 .

Re: Cisco 501 Pix - Cable Modem - Wireless Router.....

In article <1162518654.760654.251470@h48g2000cwc.googlegroups.com>,
Network Student wrote:
> I would appreciate some basic (very basic) suggestions as to how I
>might WIRE my network. I am VERY new at this so please be patient with
>me.

>Here are the components:
>A Cable Modem.
>A Belkin Wireless Router.
>1 Asus PC with a regular hard wired network card
>A Cisco PIX 501 firewall. (just purchased used)
>1 Gateway PC with a wireless network card.
>1 Dell PC with a wireless network card.

>I have been told several possible ways to configure these components
>and I am curious as what people in here might suggest.

Plug the PIX 501 into the cable modem. Plug the wireless router
and the Asus PC into the pix 501. Use the Gateway and Dell wireless,
or else plug them into the back of the PIX 501.

The PIX 501 has one port to plug into the WAN (the cable modem),
and a block of four ports for your inside network. Those four ports
act as a switch.

For the wireless router, you will likely find it easiest to
*not* use the WAN ("outside") interface and to turn off the routing
functions. Instead, connect one of the *inside* ports to the PIX 501,
and use the same subnet for everything internal.

Be sure to use good wireless encryption, not just 40 bit WAP --
that can be broken in a small number of hours. If your wireless router
doesn't support good encryption, then install the Cisco VPN Client
software on the Gateway and Dell, and configure a VPN on the PIX
against the *inside* interface so that you are using a VPN over the
wireless to get your data to the PIX. Unfortunately if you do this,
you will not be able to communicate locally between the systems.
If that's a problem then there are other configurations that could
be suggested, but I'm not going to go into those until you
have digested all of this.

Re: Cisco 501 Pix - Cable Modem - Wireless Router.....

Walter Roberson wrote:
> In article <1162518654.760654.251470@h48g2000cwc.googlegroups.com>,
> Network Student wrote:
> > I would appreciate some basic (very basic) suggestions as to how I
> >might WIRE my network. I am VERY new at this so please be patient with
> >me.
>
> >Here are the components:
> >A Cable Modem.
> >A Belkin Wireless Router.
> >1 Asus PC with a regular hard wired network card
> >A Cisco PIX 501 firewall. (just purchased used)
> >1 Gateway PC with a wireless network card.
> >1 Dell PC with a wireless network card.
>
> >I have been told several possible ways to configure these components
> >and I am curious as what people in here might suggest.
>
> Plug the PIX 501 into the cable modem. Plug the wireless router
> and the Asus PC into the pix 501. Use the Gateway and Dell wireless,
> or else plug them into the back of the PIX 501.
>
> The PIX 501 has one port to plug into the WAN (the cable modem),
> and a block of four ports for your inside network. Those four ports
> act as a switch.
>
> For the wireless router, you will likely find it easiest to
> *not* use the WAN ("outside") interface and to turn off the routing
> functions. Instead, connect one of the *inside* ports to the PIX 501,
> and use the same subnet for everything internal.
>
> Be sure to use good wireless encryption, not just 40 bit WAP --
> that can be broken in a small number of hours. If your wireless router
> doesn't support good encryption, then install the Cisco VPN Client
> software on the Gateway and Dell, and configure a VPN on the PIX
> against the *inside* interface so that you are using a VPN over the
> wireless to get your data to the PIX. Unfortunately if you do this,
> you will not be able to communicate locally between the systems.
> If that's a problem then there are other configurations that could
> be suggested, but I'm not going to go into those until you
> have digested all of this.

Hello,

I think I understand the wiring concept. As a test I wired it this
way. I was not suprised that I was then not able to connect to the
internet. I assume that this is because I did not configure the PIX
firewall software via hyper terminal or the GUI configuration that I
get from going to 192.168.1.1.

I should add that I have the PIX console wired to COM1 on my PC.

So.

What iare the next steps? I guess that I now need to configure the
software side? Any suggestions or basic steps would be appreciated. The
"Basic Cisco PIX 501" searches that I Google are still pretty far over
my head so the more basic the better.

Thanks Again.


Perhaps

Re: Cisco 501 Pix - Cable Modem - Wireless Router.....

Walter Roberson wrote:
> In article <1162518654.760654.251470@h48g2000cwc.googlegroups.com>,
> Network Student wrote:
> > I would appreciate some basic (very basic) suggestions as to how I
> >might WIRE my network. I am VERY new at this so please be patient with
> >me.
>
> >Here are the components:
> >A Cable Modem.
> >A Belkin Wireless Router.
> >1 Asus PC with a regular hard wired network card
> >A Cisco PIX 501 firewall. (just purchased used)
> >1 Gateway PC with a wireless network card.
> >1 Dell PC with a wireless network card.
>
> >I have been told several possible ways to configure these components
> >and I am curious as what people in here might suggest.
>
> Plug the PIX 501 into the cable modem. Plug the wireless router
> and the Asus PC into the pix 501. Use the Gateway and Dell wireless,
> or else plug them into the back of the PIX 501.
>
> The PIX 501 has one port to plug into the WAN (the cable modem),
> and a block of four ports for your inside network. Those four ports
> act as a switch.
>
> For the wireless router, you will likely find it easiest to
> *not* use the WAN ("outside") interface and to turn off the routing
> functions. Instead, connect one of the *inside* ports to the PIX 501,
> and use the same subnet for everything internal.
>
> Be sure to use good wireless encryption, not just 40 bit WAP --
> that can be broken in a small number of hours. If your wireless router
> doesn't support good encryption, then install the Cisco VPN Client
> software on the Gateway and Dell, and configure a VPN on the PIX
> against the *inside* interface so that you are using a VPN over the
> wireless to get your data to the PIX. Unfortunately if you do this,
> you will not be able to communicate locally between the systems.
> If that's a problem then there are other configurations that could
> be suggested, but I'm not going to go into those until you
> have digested all of this.

Hello,

I think I understand the wiring concept. As a test I wired it this
way. I was not suprised that I was then not able to connect to the
internet. I assume that this is because I did not configure the PIX
firewall software via hyper terminal or the GUI configuration that I
get from going to 192.168.1.1.

I should add that I have the PIX console wired to COM1 on my PC.

So.

What iare the next steps? I guess that I now need to configure the
software side? Any suggestions or basic steps would be appreciated. The
"Basic Cisco PIX 501" searches that I Google are still pretty far over
my head so the more basic the better.

Thanks Again.

Re: Cisco 501 Pix - Cable Modem - Wireless Router.....

In article <1162675081.929127.92880@m7g2000cwm.googlegroups.com>,
Networking Student wrote:

> I think I understand the wiring concept. As a test I wired it this
>way. I was not suprised that I was then not able to connect to the
>internet. I assume that this is because I did not configure the PIX
>firewall software via hyper terminal or the GUI configuration that I
>get from going to 192.168.1.1.

>I should add that I have the PIX console wired to COM1 on my PC.

>What iare the next steps?

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pi x_sw/v_63/index.htm

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_c onfiguration_examples_list.html

And in particular, you may wish to start with

configure factory default

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pi x_sw/v_63/cmdref/c.htm#wp1055799

That will clean out any old configuration, configure your inside
interface for 192.168.1.1 netmask 255.255.255.0 and configure your
outside interface to attempt to get an IP address via DHCP, which
would be typical for cable modems. It will also configure the PIX to
allow traffic from 192.168.1.* out, and to allow most responses to that
traffic, but not to allow new connections from the outside (internet)
to the inside.