Yahoo Answers is shutting down on May 4th, 2021 (Eastern Time) and the Yahoo Answers website is now in read-only mode. There will be no changes to other Yahoo properties or services, or your Yahoo account. You can find more information about the Yahoo Answers shutdown and how to download your data on this help page.

Firewalling: pix 501 setup issues - Please help if you can!! All suggestions are greatly appreciated!?

Hi, My name is Jessica,

& I could really use some suggestions!!

I have a new 501 running 6.3(5) with a 10 user license. I have a network of 5 computers running local applications, we only need internet access through the firewall for 3 of the workstations. The setup is internet-DSL modem-PIX-switch. I have it up and connected, but I have issues:

1. Hosts that are not going to the internet are hitting the PIX and apparently taking up license slots -- if these hosts have their default gateway removed or altered, will this fix the problem?

2. One host simply can't access webpages although I can ping from it to the 'net. This machine works fine with my old firewall, I can't come up with theories why this is happening (the show local-host says I have available spots..)

3. The show local-host print out says I only have 8 maximum active connections, shouldn't that say 10?

Any suggestions or comments would be greatly appreciated!

Thanks a million!


Don't report me as spam.

This is a serious question.

If you don't wish to help me on Yahoo! Answers, Than I will simply log into Cisco and ask others on this particular subject.

Thanks anyway!

2 Answers

  • 1 decade ago
    Favorite Answer

    1. Yes, change the default gateway to a either or another device on the LAN. As long as the subnet mask is correct you should still be able to access internal resources.

    2. Check the DNS entries on that machine, clear the arp cache and route tables.

  • angry
    Lv 6
    1 decade ago

    I usually work with the 515 but I hope this helps.

    The inside interface IP of the Pix is the default gateway for your inside hosts. The Pix will translate addresses from the inside interface to the outside interface. You need to ensure that the outside interface IP address is consistent with that used on the inside interface of the DSL router.

    A Pix will randomize the TCP sequence number to make it harder to spoof. This may be confusing your router. Try the norandomseq keyword at the end of your nat/global combo.

    Your Pix may have problems with allowing multimedia from the Internet. If you are having problems with this, check your fixup settings. In addition you may need to setup an outside access-list or conduit statements to allow specific outside connections. Be very careful how you do this or your may render the firewall features impotent.

Still have questions? Get your answers by asking now.