INTERNET ACCESS AND CISCO PIX FIREWALL

Hi all,

I'm not sure I've come through to the correct section. However, one of our
clients has a Windows server 2000 setup, with a patch panal, negear 24 port
switch, samsung cable modem and a cisco 501 pix firewall connected to the
cable modem.

I am actually just wondering where the missing 'router' comes into play in
this type of setup. i.e. how do all client PCs get their internet access
without a router installed?

Also, 2 client PCs are in another room and I would prefer to give them
wireless access rather than running cables through rooms. Can I replace the
Cisco Pix Firewall with a wireless firewall router?

Many thanks to all,
Jeff

In news:2BFBBF71-D48F-4158-9A93-(E-Mail Removed),
jeffuk123 <(E-Mail Removed)> stated, which I commented on
below:
> Hi all,
>
> I'm not sure I've come through to the correct section. However, one
> of our clients has a Windows server 2000 setup, with a patch panal,
> negear 24 port switch, samsung cable modem and a cisco 501 pix
> firewall connected to the cable modem.
>
> I am actually just wondering where the missing 'router' comes into
> play in this type of setup. i.e. how do all client PCs get their
> internet access without a router installed?
>
> Also, 2 client PCs are in another room and I would prefer to give them
> wireless access rather than running cables through rooms. Can I
> replace the Cisco Pix Firewall with a wireless firewall router?
>
> Many thanks to all,
> Jeff

You can use an Aironet in conjunction with the PIX. The PIX is acting as a
NAT device.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

Not sure how? It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Assimilation Imminent. Resistance is Futile.
Infinite Diversities in Infinite Combinations.

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy.
===========================

So the PIX is acting as the router then?

"Ace Fekay [MVP]" wrote:

> In news:2BFBBF71-D48F-4158-9A93-(E-Mail Removed),
> jeffuk123 <(E-Mail Removed)> stated, which I commented on
> below:
> > Hi all,
> >
> > I'm not sure I've come through to the correct section. However, one
> > of our clients has a Windows server 2000 setup, with a patch panal,
> > negear 24 port switch, samsung cable modem and a cisco 501 pix
> > firewall connected to the cable modem.
> >
> > I am actually just wondering where the missing 'router' comes into
> > play in this type of setup. i.e. how do all client PCs get their
> > internet access without a router installed?
> >
> > Also, 2 client PCs are in another room and I would prefer to give them
> > wireless access rather than running cables through rooms. Can I
> > replace the Cisco Pix Firewall with a wireless firewall router?
> >
> > Many thanks to all,
> > Jeff
>
> You can use an Aironet in conjunction with the PIX. The PIX is acting as a
> NAT device.
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> to easily find, track threads, cross-post, sort by date, poster's name,
> watched threads or subject.
>
> Not sure how? It's easy:
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Windows Server Directory Services
> Microsoft Certified Trainer
> Assimilation Imminent. Resistance is Futile.
> Infinite Diversities in Infinite Combinations.
>
> The only thing in life is change. Anything more is a blackhole consuming
> unnecessary energy.
> ===========================
>
>
>

Hi

Which model(s) of Aironet would you recommend? and so the PIX is acting as
the router then?

Many thanks

"jeffuk123" wrote:

> So the PIX is acting as the router then?
>
> "Ace Fekay [MVP]" wrote:
>
> > In news:2BFBBF71-D48F-4158-9A93-(E-Mail Removed),
> > jeffuk123 <(E-Mail Removed)> stated, which I commented on
> > below:
> > > Hi all,
> > >
> > > I'm not sure I've come through to the correct section. However, one
> > > of our clients has a Windows server 2000 setup, with a patch panal,
> > > negear 24 port switch, samsung cable modem and a cisco 501 pix
> > > firewall connected to the cable modem.
> > >
> > > I am actually just wondering where the missing 'router' comes into
> > > play in this type of setup. i.e. how do all client PCs get their
> > > internet access without a router installed?
> > >
> > > Also, 2 client PCs are in another room and I would prefer to give them
> > > wireless access rather than running cables through rooms. Can I
> > > replace the Cisco Pix Firewall with a wireless firewall router?
> > >
> > > Many thanks to all,
> > > Jeff
> >
> > You can use an Aironet in conjunction with the PIX. The PIX is acting as a
> > NAT device.
> >
> > --
> > Ace
> >
> > This posting is provided "AS-IS" with no warranties or guarantees and
> > confers no rights.
> >
> > Having difficulty reading or finding responses to your post?
> > Instead of the website you're using, I suggest to use OEx (Outlook Express
> > or any other newsreader), and configure a news account, pointing to
> > news.microsoft.com. This is a direct link to the Microsoft Public
> > Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
> > to easily find, track threads, cross-post, sort by date, poster's name,
> > watched threads or subject.
> >
> > Not sure how? It's easy:
> > How to Configure OEx for Internet News
> > http://support.microsoft.com/?id=171164
> >
> > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> > Microsoft MVP - Windows Server Directory Services
> > Microsoft Certified Trainer
> > Assimilation Imminent. Resistance is Futile.
> > Infinite Diversities in Infinite Combinations.
> >
> > The only thing in life is change. Anything more is a blackhole consuming
> > unnecessary energy.
> > ===========================
> >
> >
> >

In news:A8F10CCA-65E5-49EE-9E53-(E-Mail Removed),
jeffuk123 <(E-Mail Removed)> stated, which I commented on
below:
> So the PIX is acting as the router then?

Yep! That's how it offers NAT, for NAT is a 'routed' function, so to speak.
It is the gateway for all internal machines.

Ace

In news:0569F7C4-E40B-4CAD-8814-(E-Mail Removed),
jeffuk123 <(E-Mail Removed)> stated, which I commented on
below:
> Hi
>
> Which model(s) of Aironet would you recommend? and so the PIX is
> acting as the router then?
>
> Many thanks

We use the Aironet 1231 AT. It works fine.

Yes, any NAT device is a 'router' so to speak, taking into consideration
what NAT does.

Aec

In news:(E-Mail Removed),
Ace Fekay [MVP] <PleaseSubstituteMyActualFirstName&LastNameHere@ho tmail.com>
stated, which I commented on below:
> We use the Aironet 1231 AT. It works fine.

I meant the Aironet 1231 AP (Access Point). It supports 802.11 B/G, in
addition to numerous authentication and security features including 802.1x
authentication, EAP, PEAP, etc.

http://www.cisco.com/en/US/ordering/...d800f6103.html

Ace

Thanks Ace

"Ace Fekay [MVP]" wrote:

> In news:A8F10CCA-65E5-49EE-9E53-(E-Mail Removed),
> jeffuk123 <(E-Mail Removed)> stated, which I commented on
> below:
> > So the PIX is acting as the router then?
>
> Yep! That's how it offers NAT, for NAT is a 'routed' function, so to speak.
> It is the gateway for all internal machines.
>
> Ace
>
>
>

Hi Ace

Just one more question.

Is the Aironet 1231 access point easy to configure. I assume I'll just
connect it to the switch and give it a static IP out of range from other
devices and turn off DHCP. Is DHCP turned off by default on this Access Point?

The Windows 2000 server our client has is dishing out DHCP and is set to
192.168.6.1, the Cisco Pix Firewall is set to 192.168.6.10, I obviously
gather the Cisco Pix Firewall is set to static IP (I don't have the settings
or log in details for this as someone else set it up).

Is there anything else I need to configure on it? i.e. do I need to enter
the Cisco Pix Firewall IP address or will the Aironet detect it
automatically.

Sorry for so many questions, I want to get an idea before tackling this.

Many thanks,
Jeff

"jeffuk123" wrote:

> Thanks Ace
>
> "Ace Fekay [MVP]" wrote:
>
> > In news:A8F10CCA-65E5-49EE-9E53-(E-Mail Removed),
> > jeffuk123 <(E-Mail Removed)> stated, which I commented on
> > below:
> > > So the PIX is acting as the router then?
> >
> > Yep! That's how it offers NAT, for NAT is a 'routed' function, so to speak.
> > It is the gateway for all internal machines.
> >
> > Ace
> >
> >
> >

In news:6C5B63D1-ACF4-4D4E-9316-(E-Mail Removed),
jeffuk123 <(E-Mail Removed)> stated, which I commented on
below:
> Hi Ace
>
> Just one more question.
>
> Is the Aironet 1231 access point easy to configure. I assume I'll just
> connect it to the switch and give it a static IP out of range from
> other devices and turn off DHCP. Is DHCP turned off by default on
> this Access Point?

There is not DHCP service on this AP. It's just an AP. It connects into your
network. They do have another version that offers that service, but really
it's not needed since youy would rather use your Windows DHCP because it
works hand in hand with the dynamic DNS registration service (Option 081)
that no other DHCP server can offer other than Microsoft's. If you are using
your current router as your DHCP on any of your other clients, I would
recommend no to.


> The Windows 2000 server our client has is dishing out DHCP and is set
> to 192.168.6.1, the Cisco Pix Firewall is set to 192.168.6.10, I
> obviously gather the Cisco Pix Firewall is set to static IP (I don't
> have the settings or log in details for this as someone else set it
> up).

I hope it is static...

> Is there anything else I need to configure on it? i.e. do I need to
> enter
> the Cisco Pix Firewall IP address or will the Aironet detect it
> automatically.
>
> Sorry for so many questions, I want to get an idea before tackling
> this.
>
> Many thanks,
> Jeff

Jeff, when you purchase it, make sure you get a Premium support package with
it because the thing is complicated, but highly secure. You can put in a
request to Cisco and they will guide you Step By Step to configure it. If
you were to use Autoenrollment and other certificate features, then I would
suggest to get familiar with Windows 2003 PKI and how autoenrollment works.
Keep in mind an Autoenrollment cert is only possible with at least Win2003
Enterprise Edition.

Ace