Firewall Wizards mailing list archives

RE: Cisco PiX 501 running 6.2 - Defying me for no reason


From: "Josh Welch" <jwelch () buffalowildwings com>
Date: Thu, 18 Mar 2004 10:02:58 -0600

Kyle King said:

<snipped config information that Lookout made a jumble of>

When I configure one of the computers with the appropriate information for
a static IP, the computer connects to the internet fine (this is when not
connected with the PiX between it).  However, it requires that I supply the
DNS servers.  When I configure the PiX to access the internet using a static
IP, nowhere do I find the command/option to input the DNS servers; and
besides that, when I use static IP, the computers behind the firewall cannot
access the internet.

This turned out to be an issue with our modem.  It used MAC addresses to
assign static IPs, so when I transferred the static to the firewall, the
modem did not like that.  A modem reset fixed that issue. However, when I
use the configuration I have shown above, I can only ping addresses from
both the firewall and PC.  I cannot ping names, such as www.google.ca (which
I use as my test page simply cause I know the address for it
(66.102.7.104)).  When I try to ping a name from the PC, it comes back as no
such name exists, and I can't seem to make the firewall ping any name,
possibly due to the way the ping command on the firewall works.

--my comments--

I am a little unclear here, and I'm getting some weird wrapping and quoting
from Lookout so that's not helping. It sounds like your client PC is simply
unable to get DNS working. Are you trying to use your PIX as your DHCP
server and have it issue an IP and DNS server to your client PC? Or is it a
matter of your client PC's DNS requests getting shot down by your PIX?

--end my comments--

Anyway, when I enable the VPN client, all access, including those pings,
stops working.  However, according to the little led on the front, I am
connected to the VPN.  I don't have access to anything on their end however.

--my comments--

Well, this would make sense in that when the VPN starts up all traffic will
be forced through the VPN unless the vpngroup on the VPN head has split
tunneling set up in it. You also need to find out if you should be running
your PIX in network extension mode or client mode; that's going to have some
impact on how things behave. If all the IP addresses of your client PCs
would be visible from the remote site, then you want network extension
mode; if you want all your IPs natted to the remote site, you want client
mode.

HTH,
Josh
