how-to block ads
|
| | | | FAQ Revisions | Editors: skj  , Covenant , aryoba , Phraxos
Last modified on 2008-06-30 10:47:55
| |
|
|
50.0 Configuration·The best way to configure Cisco equipments
·Is there a graphical interface for routers and where do I get it?
·The most straight-forward way to configure Cisco router: Introduction to CLI
·2500 Series Installation and Configuration Guide
·Where can I find documentation for configuring my Cisco 67x series DSL Router
·Straight-forward way to configure Cisco PIX Firewall/ASA: Introduction to CLI
| | | If you consider yourself as a novice to networking or Cisco equipments, then you should use the GUI (Graphical User Interface), SDM, or any Web Interface configuration tool that is available already in the Cisco equipments to configure.
However a lot of time Cisco Web Interface has bugs and somewhat unreliable. In addition, the Web Interface may or may not available in the equipment or are uninstalled. Also, you can only configure basic feature when using Web Interface.
The most direct and reliable way to configure Cisco equipments is always using CLI (Command Line Interface). For those who are novice to networking or Cisco equipments, most of the time it would be overwhelming when configuring Cisco equipments using CLI for the first time.
No worries! Check out this forum FAQ. There are also topics how revive the SDM when it is not working; even the very basic step to CLI introduction as follows.
»Cisco Forum FAQ »The most straight-forward way to configure Cisco router: Introduction to CLI
»Cisco Forum FAQ »Straight-forward way to configure Cisco PIX Firewall/ASA: Introduction to CLI
»Cisco Forum FAQ »My SDM/CRWS (web configuration mode) doen't work. How do I revive it?
Explore all topics on FAQ. In no time, you should have your Cisco equipments up and running.
 show feedback form
 close
by aryoba
last modified: 2008-01-04 16:48:13 | | | The standard Graphical User Interface (GUI) for Cisco routers is Cisco Router and Security Device Manager (SDM). It is "a Web-based device-management tool for Cisco routers that can improve the productivity of network managers, simplify router deployments, and help troubleshoot complex network and VPN connectivity issues.
Cisco SDM supports a wide range of Cisco IOS Software releases and is available free of charge on Cisco router models from Cisco 830 Series to Cisco 7301. It ships preinstalled on all new Cisco 850 Series, Cisco 870 Series, Cisco 1800 Series, Cisco 2800 Series, and Cisco 3800 Series integrated services routers.
Network and security administrators and channel partners can use Cisco SDM for faster and easier deployment of Cisco routers for integrated services such as dynamic routing, WAN access, WLAN, firewall, VPN, SSL VPN, IPS, and QoS."
More details are available from Cisco here: »www.cisco.com/en/US/products/sw/···dex.html
The software can be downloaded (without a SMARTnet contract) from here: »www.cisco.com/pcgi-bin/tablebuild.pl/sdm
show feedback form
close
by Phraxos | | | Suggested prerequisite reading
»Cisco Forum FAQ »Things to expect when setup network for home or small business
Physical Connection
When it is time to configure your network router, there are basic steps you need to do regardless equipment brand or model you use. One of those steps is figuring out which would be the router WAN port and which would be router LAN port. Once you have all proper cables connected, you will then configure the router software.
In terms of plugging cables, some Cisco equipments including Cisco routers are not that clear as to which port would be WAN and which would be LAN. To find out which ports are which on your Cisco router, following preliminary hardware setup links should give you ideas. Specifically for Cisco router configuration, you need to plug in the correct cable to the router WAN, LAN, and CONSOLE port.
Cisco 800 series router
Install and Upgrade Guides
Cisco 1700 series router
Install and Upgrade Guides
Cisco 2500 series router
Cisco 2500 Series Overview
Overview of the Cisco 2500 Series Access Server
Overview of the Cisco 2517 and Cisco 2519
Cisco 2500 Multiport Installation and Configuration Guide - Router Overview
Overview of the Cisco 2524 and Cisco 2525
Cisco 2600 and 2600XM series routers
Install and Upgrade Guides
Basic Cisco Router Configuration
Next is the software setup. In software setup, you need to configure the router to have the proper IP connection scheme such as DNS, IP subnets, etc. to make WAN/LAN connection work.
There are alternatives to configure the router. Some people prefer to use Web-based feature (i.e. SDM) since it "seems" easier to use. Keep in mind that SDM is not always available on any router. Even when SDM is available, there are some features that require non-SDM to configure.
The most straight-forward way to configure the router is to use CLI (Command Line Interface). With CLI, you can configure the equipment to anything you like from basic configuration to the most advanced one.
You need to have the following items to be able to use CLI.
* Cisco console cable kit (cable and adapters)
* PC or laptop running Windows with HyperTerminal program installed (or running any operating system with terminal simulator software installed)
Do you have Cisco console kit? If no, then you could go to your local computer shop to get one. You could also buy one from ebay. Basically what you need is a RS-232 cable with DB-9 or DB-25 (depends on your computer serial port model) on one end to go to your computer serial port, and RJ-45 on another end to go to the router CONSOLE port. If your computer does not have serial port and only has USB port, then you might need a DB9-USB or DB25-USB adapter.
When you already have the CONSOLE cable and you have physical access to the CONSOLE port, then this is the 1st step you need to know.
Accessing CONSOLE port:
http://www.cisco.com/en/US/products/hw/routers/ps331/products_installation_guide_chapter09186a008007d019.html
If everything works right, you should get a prompt like this:
Router>
When you do have such display, it means you are now in CLI. The router then is ready to receive commands. You can enter the following commands as a start.
Router>enable
You may be asked to enter a password. If this is the case, you just enter the password. When the router is brand new or factory default, press ENTER on your keyboard should get you into enable/privilege mode; which shows something like this display
Router#
If by pressing ENTER you don't get into enable/privilege mode and you don't know the password, then you need to do password recovery. There's a FAQ in this forum on how to do it.
»Cisco Forum FAQ »Password Recovery Procedures
As mentioned, you should get something like this display when you pass the password question,
Router#
where the prompt changes from > to #.
This means you are in enable/privilege mode. When you are in privilege mode, you can check the router configuration. To do so, issue following command:
Router#show running-config
Keep in mind that the output you are about to see might not exactly match to the following. The output basically varies; it highly depends on your router models and features activated or used. However in general, it should look something like this.
!
version 12.2
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
!
ip subnet-zero
!
!
!
!
!
!
interface Ethernet0
no ip address
shutdown
!
interface Ethernet1
no ip address
shutdown
!
ip classless
no ip http server
no cdp run
!
line con 0
exec-timeout 120 0
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
length 0
!
scheduler max-task-time 5000
end
As mentioned, you need to configure the router to have the proper IP connection scheme such as DNS, IP subnets, etc. In order to do that, you have to enter the global configuration mode by issuing the following command
Router#configure terminal
Then you should have the following display.
Router(config)#
That prompt indicates that you are in the configuration mode.
As illustration, let us say that the interface Ethernet1 is the WAN port and interface Ethernet0 is the LAN port. Then you should enter the WAN IP subnets under the interface Ethernet1 and the LAN IP subnets under the interface Ethernet0.
Let us say that the following is the IP subnets:
WAN:
Subnet: 23.42.53.0/24 network (or 23.42.53.0 network with subnet mask of 255.255.255.0)
IP address: 23.42.53.24
Default Gateway: 23.42.53.1
DNS: 23.42.52.1
LAN:
Subnet: 10.10.10.0/24 network (or 10.10.10.0 network with subnet mask of 255.255.255.0)
IP address: 10.10.10.1
To configure these info, the general idea is to do the following:
1. To make sure the router is working as expected, there might be a need to set several things such as set the router to do ip routing and to keep the manufacturer's suggested settings
2. Enter the interface configuration mode
3. Type in the interface IP address and subnet mask
4. Issue "no shutdown" command to bring up the interface
5. Exit the interface configuration mode to global configuration mode
6. On the global configuration mode, enter the default gateway.
7. Save the configuration.
Here are the walkthrough configuration steps.
Since you plan to configure a router and expect it to do IP routing, then following command is to make sure that the router will be in routing mode.
Router(config)#ip routing
This command is to make sure that the router will keep all settings as advised by the manufacturer (which is Cisco of course).
Router(config)#config-register 0x2102
Side Note:
Check out this FAQ for more info on the default config register value
»Cisco Forum FAQ »Config Register Value - After lost power or reload, router lost configuration
The WAN interface:
Router(config)#interface Ethernet1
Router(config-if)#description Outside World
Router(config-if)#ip address 23.42.53.24 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#
The LAN interface:
Router(config)#interface Ethernet0
Router(config-if)#description Internal LAN
Router(config-if)#ip address 10.10.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#
To configure the default gateway, do the following:
Router(config)#ip route 0.0.0.0 0.0.0.0 23.42.53.1
Keep in mind that in this illustration, it is assumed that you have WAN static IP address scheme in Ethernet environment. When this does not match your situation, please go to the FAQ subsection and find the most suitable environment (PPP, DHCP, etc.).
There should be no further necessary step of configuring the router. You then need to exit the configuration mode and save the changes, by doing the following.
Router(config)#end
Router#copy running-config startup-config
As to the DNS info, you need to inject it into your LAN machines. You can do it either statically or automatically. When you do it statically, it usually means that you configure the LAN machines to have static IP address. When you do it automatically, it usually means that you configure the LAN machines to have dynamic IP address.
Keep in mind that LAN machine configuration step varies, it highly depends on the operating system (i.e. Windows, Mac, or Linux). In general is that when you configure the LAN machines to have either static or dynamic IP address, go to the machine configuration mode and do it from there.
Note:
This FAQ is written with purpose of introducing CLI to novices. Therefore this FAQ is not intended as the complete guideline on how to setup a router in specific WAN/LAN environment or setup a used router with saved configuration file already in place. When the router is going to connect directly to an ISP via cable modem, DSL, or T1/E1; please go to other FAQ subsections and find the most suitable environment (PPP, DHCP, static, etc.). If you are not sure how the router should connect to the ISP, please consult with the ISP since your ISP is the most knowledgeable source concerning their own connection to the customers.
Following is the FAQ of router configuration in specific WAN/LAN environment
Various PPPoE/PPPoA/DHCP/Static Sample Configuration with Cisco
For further info on command descriptions, check out the following
»Cisco Forum FAQ »Basic Cisco Commands and Descriptions
show feedback form
close
by aryoba
last modified: 2008-03-31 15:09:50 | | | Cisco 2500 Series Router Installation and Configuration Guide
show feedback form
close
by nozero edited by aryoba
last modified: 2008-05-29 10:47:45 | | | Cisco's documentation and online guides can be found at
Cisco Broadband Operating System (CBOS)
show feedback form
close
by ender78 edited by aryoba
last modified: 2008-05-29 10:48:46 | | | Suggested prerequisite reading
»Cisco Forum FAQ »Things to expect when setup network for home or small business
Physical Connection
When it is time to configure your network firewall, there are basic steps you need to do regardless equipment brand or model you use. One of those steps is figuring out which would be the PIX Firewall or ASA WAN port and which would be PIX Firewall or ASA LAN port. Once you have all proper cables connected, you will then configure the PIX Firewall or ASA software.
In terms of plugging cables, some Cisco equipments including Cisco PIX Firewall and ASA are not that clear as to which port would be WAN and which would be LAN. To find out which ports are which on your Cisco PIX Firewall or ASA, following preliminary hardware setup should give you ideas. Specifically for Cisco PIX Firewall and ASA configuration, you need to plug in the correct cable to the WAN, LAN, and CONSOLE ports.
Cisco PIX Firewall Hardware Installation Guide
Cisco ASA 5500 Series Hardware Installation Guide
Basic Cisco PIX Firewall/ASA Configuration
Next is the software setup. In software setup, you need to configure the PIX Firewall to have the proper IP connection scheme such as DNS, IP subnets, etc. to make WAN/LAN connection work.
There are alternatives to configure the PIX Firewall and ASA. Some people prefer to use Web-based feature (i.e. SDM or ASDM) since it "seems" easier to use. Keep in mind that SDM/ASDM is not always available on any PIX Firewall or ASA. Even when SDM/ASDM is available, there are some features that require non-SDM/ASDM to configure.
The most straight-forward way to configure the PIX Firewall and ASA is to use CLI (Command Line Interface). With CLI, you can configure the equipment to anything you like from basic configuration to the most advanced one.
You need to have the following items to be able to use CLI.
* Cisco console cable kit (cable and adapters)
* PC or laptop running Windows with HyperTerminal program installed (or running any operating system with terminal simulator software installed)
Do you have Cisco console kit? If no, then you could go to your local computer shop to get one. You could also buy one from ebay. Basically what you need is a RS-232 cable with DB-9 or DB-25 (depends on your computer serial port model) on one end to go to your computer serial port, and RJ-45 on another end to go to the PIX Firewall or ASA CONSOLE port. If your computer does not have serial port and only has USB port, then you might need a DB9-USB or DB25-USB adapter.
When you already have the CONSOLE cable and you have physical access to the CONSOLE port, then this is the 1st step you need to know.
Accessing CONSOLE port:
Cisco PIX Firewall 501
Cisco PIX Firewall 506/506E
Cisco PIX Firewall 515/515E
Cisco ASA 5500
If everything works right, you should get a prompt like this:
pixfirewall>
When you do have such display, it means you are now in CLI. The PIX Firewall or ASA then is ready to receive commands. You can enter the following commands as a start.
pixfirewall>enable
You may be asked to enter a password. If this is the case, you just enter the password. When the PIX Firewall or ASA is brand new or factory default, press ENTER on your keyboard should get you into enable/privilege mode; which shows something like this display
pixfirewall#
If by pressing ENTER you don't get into enable/privilege mode and you don't know the password, then you need to do password recovery. There's a FAQ in this forum on how to do it.
»Cisco Forum FAQ »Password Recovery Procedures
As mentioned, you should get something like this display when you pass the password question.
pixfirewall#
where the prompt changes from > to #.
This means you are in enable/privilege mode. When you are in privilege mode, you can check the PIX Firewall or ASA configuration. To do so, issue following command:
pixfirewall#write terminal
If the PIX or ASA is running OS version 6.x or 7.x, then you can also issue following command with the same exact output.
pixfirewall#show running-config
Keep in mind that the output you are about to see might not exactly match to the following. The output basically varies; it highly depends on your PIX Firewall models and features activated or used. However in general, it should look something like this.
PIX Version 6.3(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
logging on
no logging timestamp
no logging standby
no logging console
no logging monitor
logging buffered debugging
no logging trap
no logging history
logging facility 20
logging queue 512
interface ethernet0 shutdown
interface ethernet1 shutdown
mtu outside 1500
mtu inside 1500
ip address outside 209.165.200.226 255.255.255.224
ip address inside 10.1.1.1 255.255.255.0
no failover
arp timeout 14400
global (outside) 1 209.165.200.227-209.165.200.254 netmask 255.255.255.224
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 209.165.200.225 1
timeout xlate 3:00:00 conn 1:00:00 half-closed 0:10:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
isakmp identity hostname
telnet timeout 5
terminal width 80
Cryptochecksum:adffa2c4ed9043ce3e54e959acacd8d8
: end
Configuration above shows when your PIX Firewall is running OS version 6.3. If your PIX Firewall or ASA is running OS version 7.0 or later, the similar configuration shows as following
hostname asa
enable password 8Ry2YjIyt7RRXU24 encrypted
names
!
!
interface Ethernet0/0
no nameif
no security-level
shutdown
!
interface Ethernet0/1
no nameif
no security-level
shutdown
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
logging enable
logging console notifications
logging buffered warnings
logging asdm notifications
mtu outside 1500
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
On PIX Firewall running OS version 6.3 by the default, the interface Ethernet0 is the WAN port (called outside interface) and interface Ethernet1 is the LAN port (called inside interface). Also by default, the outside security level is 0 (zero) and the inside security level is 100. You can notice all of these on the nameif command.
On ASA or PIX Firewall running OS version 7.0 or later, you can set any interface as either WAN or LAN port. For instance, you could have interface Ethernet0/0 as inside (LAN) and Ethernet0/1 as outside (WAN). Keep in mind that whichever interface you choose as outside or inside, the outside security level is still 0 (zero) and the inside security level is still 100. You will notice all of these once you set specific interface as either outside or inside.
From configuration above, PIX Firewall running OS version 6.3 have similar configuration as ASA or PIX Firewall running OS version 7.0 or later. There are some little differences here and there, but the general concept is the same.
To help you further, there will be specific command lines for PIX Firewall running OS version 6.3 and specific command lines for ASA or PIX Firewall running OS version 7.0 or later. When there is no such specification, it means that the following command lines are applicable to OS version 6.3 and later (of course including OS version 7.0 or later).
Let's moving on. As mentioned, you need to configure the PIX Firewall to have the proper IP connection scheme such as DNS, IP subnets, etc. In order to do that, you have to enter the configuration mode by issuing the following command
pixfirewall#configure terminal
Then you should have the following display.
pixfirewall(config)#
The (config)# prompt indicates that you are in the configuration mode.
Let us say that the following is the IP subnets that you need to put into the PIX Firewall or ASA.
WAN:
Subnet: 23.42.53.0/24 network (or 23.42.53.0 network with subnet mask of 255.255.255.0)
IP address: 23.42.53.24
Default Gateway: 23.42.53.1
DNS: 23.42.52.1
LAN:
Subnet: 10.10.10.0/24 network (or 10.10.10.0 network with subnet mask of 255.255.255.0)
IP address: 10.10.10.1 (as default gateway to your LAN machines that are sitting behind the PIX or ASA)
To configure these info, the general idea is to do the following:
1. Enter the configuration mode (which you already are)
2. Type in the interface IP address and subnet mask
3. Issue speed and duplex setting command to bring up the interfaces. For this illustration, all interfaces are set to auto negotiation
4. Enter the default gateway command
5. Specify the LAN subnet that need WAN access via NAT or PAT
6. Specify the WAN IP address as the NAT/PAT-ed IP address of the LAN subnet
7. Activate the NAT/PAT-ed IP address usage
8. Save the configuration.
Note that to access the WAN, the LAN subnet will be NAT/PAT-ed to WAN IP address. In typical Internet gateway environment where you connect the PIX Firewall WAN port to an Internet modem/router and the LAN port to the internal switch; then this NAT/PAT mechanism is required.
Side Note:
When you are not comfortable with the NAT/PAT concept, check out the following FAQ
»Cisco Forum FAQ »NAT and PAT; Introduction and Implementations
Here are the walkthrough configuration steps.
The interface IP address and subnet mask configuration:
PIX Firewall running OS version 6.3
pixfirewall(config)#ip address outside 23.42.53.24 255.255.255.0
pixfirewall(config)#interface ethernet0 auto
PIX Firewall/ASA running OS version 7.0 or later
asa(config)#interface Ethernet0/0
asa(config-if)#nameif outside
asa(config-if)#duplex auto
asa(config-if)#speed auto
asa(config-if)#ip address 23.42.53.24 255.255.255.0
asa(config-if)#no shutdown
Note that on ASA or PIX Firewall running OS version 7.0; the outside interface security-level is automatically set as 0 (zero).
The LAN interface:
PIX Firewall running OS version 6.3
pixfirewall(config)#ip address inside 10.10.10.1 255.255.255.0
pixfirewall(config)#interface ethernet1 auto
PIX Firewall/ASA running OS version 7.0 or later
asa(config-if)#interface Ethernet0/1
asa(config-if)#nameif inside
asa(config-if)#duplex auto
asa(config-if)#speed auto
asa(config-if)#ip address 10.10.10.1 255.255.255.0
asa(config-if)#no shutdown
Note that on ASA or PIX Firewall running OS version 7.0; the inside interface security-level is automatically set as 100 (one hundred).
To configure the default gateway, do the following:
pixfirewall(config)#route outside 0.0.0.0 0.0.0.0 23.42.53.1
When you wish to permit specific LAN subnet (i.e. 10.10.10.0/24) to have WAN access, you can issue the following command.
pixfirewall(config)#nat (inside) 1 10.10.10.0 255.255.255.0 0 0
If you wish to permit all LAN subnets to have WAN access, you can issue the following command.
pixfirewall(config)#nat (inside) 1 0.0.0.0 0.0.0.0 0 0
To specify WAN NAT/PAT-ed IP address of the LAN subnet, similarly you can specify specific IP address; range of IP address; or the WAN interface IP address itself. Let's say for illustration you like to use the WAN interface IP address itself. Then the command is
pixfirewall(config)#global (outside) 1 interface
Note that there is a 1 parameter on both nat and global commands. Basically when doing NAT/PAT, this parameter on both nat and global commands must match. If let's say the nat command uses 3, then the global command must use 3 as well to match. In other words, the NAT/PAT process is noted by a pair of both nat and global commands.
To activate the NAT/PAT-ed IP address (or to be exact, reset all of the NAT/PAT IP address), issue the following command.
pixfirewall(config)#clear xlate
Keep in mind that in this illustration, it is assumed that you have WAN static IP address scheme in Ethernet environment. When this does not match your situation, please go to the FAQ subsection and find the most suitable environment (PPP, DHCP, etc.).
There should be no further necessary step of configuring the PIX Firewall. You then need to exit the configuration mode and save the changes, by doing the following.
pixfirewall(config)#exit
pixfirewall#write terminal
You can also issue following command to save the changes if the PIX or ASA is running OS 6.x or 7.x.
pixfirewall#copy running-config startup-config
As to the DNS info, you need to inject it into your LAN machines. You can do it either statically or automatically. When you do it statically, it usually means that you configure the LAN machines to have static IP address. When you do it automatically, it usually means that you configure the LAN machines to have dynamic IP address.
Keep in mind that LAN machine configuration step varies, it highly depends on the operating system (i.e. Windows, Mac, or Linux). In general is that when you configure the LAN machines to have either static or dynamic IP address, go to the machine configuration mode and do it from there.
To explore more features and commands, check out the following FAQ
»Cisco Forum FAQ »Understanding PIX Firewall/ASA
Note:
This FAQ is written with purpose of introducing CLI to novices. Therefore this FAQ is not intended as the complete guideline on how to setup a PIX Firewall in specific WAN/LAN environment or setup a used PIX Firewall with saved configuration file already in place. When the PIX Firewall is going to connect directly to an ISP via cable modem, DSL, or T1/E1; please go to other FAQ subsections and find the most suitable environment (PPP, DHCP, static, etc.). If you are not sure how the PIX Firewall should connect to the ISP, please consult with the ISP since your ISP is the most knowledgeable source concerning their own connection to the customers.
Following is the FAQ of PIX Firewall configuration in specific WAN/LAN environment
Various PPPoE/PPPoA/DHCP/Static Sample Configuration with Cisco
For further info on command descriptions, check out the following
Cisco PIX Firewall Command Reference, Version 6.3
Cisco Security Appliance Command Reference, Version 7.0
Cisco Security Appliance Command Reference, Version 8.0
show feedback form
close
by aryoba
last modified: 2008-05-25 07:05:36 |
|
