Thursday, September 27, 2007 

How to secure your small business with a PIX firewall

One of the more popular firewall products for the small business market is the Cisco PIX 501. Out of the box it requires just a few configuration entries and you are up and running.

In this guide, we will walk through the steps for configuring your brand new PIX at the network edge.

This guide is written for the user who has no knowledge of the PIX firewall. As such, it is not a treatise on network security, but a quick, by-the-numbers guide to configuring a PIX firewall with as little jargon as possible.

We are assuming that you have an internet connection with at least one static IP address. While the PIX can easily handle a dynamic IP address (that is the default configuration), you won't be able to easily configure remote access, VPNs, mail, or web servers without a static IP address.

Your PIX should have come with an AC adapter, a yellow CAT 5 cable, an orange CAT5 cable and a flat, (typically) baby blue cable with a 9-pin serial connector on one end and an RJ-45 plug on the other.

The yellow CAT5 cable is a standard Ethernet cable and is used to connect your PC or server to the 4-port Ethernet switch built into the PIX. The orange CAT5 cable is a cross-over cable and may be required to connect the outside interface of the PIX to your ISP's router (if your PCs or workstations are plugged into a Cisco switch inside the network, you will also require a cross-over cable for connecting to one of the switch ports on the PIX).

What we are going to use for our configuration is the baby blue rollover cable. Insert the serial jack into one of the serial ports on the back of the PC or laptop you will be using to configure the PIX. Then, insert the RJ-45 plug into the port on the back of the PIX labeled console.

Windows has a built-in application that is used for (among other things) configuring serial devices. Using the start menu, go to Start > Programs > Accessories > Communications > Hyper Terminal.

Choose the Hyper Terminal application. You may get a dialog box asking if you'd like to make Hyper Terminal your default telnet application. Unless you have a preference, go ahead and choose yes.

Then you will be asked for the area code from which you are dialing. Although it isn't applicable here, the program still wants to know, so fill it in and click next or ok.

You can call the connection anything you'd like; in this example we'll use PIX. Click ok to move on.

Next, we'll be asked to enter the details for the phone number we'd like to dial. Since we aren't dialing a phone number, use the drop-down selector at the bottom of the box to choose COM1 or COM2 (whichever is applicable). If you have no idea which one is which, you may need to try it both ways.

Now, you will be expected to tell the application some specifics about the port settings so that it can effectively communicate with the PIX.

Luckily, it isn't too complex; just remember 9600, 8, none, and 1. Enter these settings into the drop-down selectors of the box on your screen.

Now we are ready to set up the PIX. Insert the power cable and you will be greeted with the startup monologue (it's not a dialog in this case; it's just informing you of what is occurring).

Then, you will be greeted with a screen that asks if you'd like to program the PIX using interactive prompts. For the purpose of this exercise, type "no" and press Enter.

You will now get a prompt that looks like this:
pixfirewall>
Type the word "enable" (no quotes). When prompted for the password, just press Enter, as the default is no password.

The prompt has changed to a hash mark:
pixfirewall#
Type the phrase "configure terminal" (no quotes); you are telling the PIX that you want to enter the global configuration mode and you will be doing your configuration via the terminal window.

Your prompt will now look like this:
pixfirewall(config)#

The first thing we want to do is give your PIX a host name. The PIX command syntax is:
Variable name

Thus, to set the hostname we will enter:
pixfirewall(config)# hostname mypix

Now, the domain name. It's all right if you don't have a domain set up on your network; you can call it whatever you like. However, give some thought to whether a domain might be a possibility at some point and plan your naming scheme appropriately.
pixfirewall(config)# domain-name mydomain.com

As you can see from the configuration above, the ethernet0 interface is the outside interface, with a security setting of 0, while ethernet1 is the inside interface with a security setting of 100. Additionally, you can see that the interfaces are shut down. All we need to do to bring them up is enter the speed at which they should operate. As they are Ethernet interfaces, any software version after 6.3(3) will take 100full; prior to that, use 10full.

pixfirewall(config)# interface ethernet0 100full
pixfirewall(config)# interface ethernet1 100full

Now to assign an address to the inside and outside interfaces; the ip address command sets the ip address of an interface. The syntax is as follows:
Ip address

An example might be as follows:
ip address outside
pixfirewall(config)# ip address outside 12.25.241.2 255.255.255.252
(This IP address and netmask combination should not be used; it is shown here as an example only. Use the IP address and mask given to you by your ISP.)

Then the inside IP address:
ip address inside
pixfirewall(config)# ip address inside 192.168.0.1 255.255.255.0

A brief word about IP addressing is in order here.

One way that is used to conserve public IP addresses is through the use of non-routable IP addressing blocks specified in RFC 1597. You may sometimes hear them referred to as private IP addresses, which is fine, but not quite technically accurate. There are three different blocks to choose from:
10.0.0.0 - 10.255.255.255 with a netmask of 255.0.0.0
172.16.0.0 - 172.31.255.255 with a netmask of 255.255.0.0
192.168.0.0 - 192.168.255.255 with a netmask of 255.255.255.0

As long as your internal network's IP addresses are all within one of those blocks of address space, you will not need to introduce the complexity of routing within your LAN. An example scheme for those who are not familiar is shown below:
PIX 192.168.0.1 netmask 255.255.255.0
File/DHCP server 192.168.0.2 netmask 255.255.255.0
Workstations 192.168.0.10 - 192.168.0.254 netmask (each) 255.255.255.0
* I intentionally skipped over the 192.168.0.3-9 addresses to plan for future expansion and the possible need for additional servers; you don't have to do this.
* Configure your DHCP server to hand out addresses in the specified block using your ISP-provided DNS servers for name resolution. Make sure to change this should you ever decide to install a name server within your own network.
* If you don't want to set up a DHCP server, just configure each PC with the IP address, default gateway, netmask and DNS servers.

It is very important now to add a default route to the PIX configuration. Another term for default route is the default gateway. You need to tell the PIX that if it receives traffic destined for a network that isn't directly connected, it should send it to the connected ISP router. Your ISP should have given you the IP address of your default gateway when you received your setup information.

Here is the syntax:
Route
The English translation is if packets destined for interface on the network specified by network address are bounded by mask then route it via a next hop at the optional command is used to give an indication of distance.

For example
pixfirewall(config)# route outside 0 0 12.25.241.1 1
(If packets are destined outside the network to any IP address with any netmask, send them through the ISP's default gateway, which is one hop away, meaning it is the device to which the PIX is connected on the outside interface.)

To password protect your PIX in order to prevent unauthorized access, use something that is secure and hard to guess. Try to stay away from the names of spouses, children, pets, birthdays or other easily guessed values. Whenever possible, use a combination of letters and numbers. The syntax is as follows (but please don't use "cisco" as your actual password):
pixfirewall(config)# passwd cisco
(Note the abbreviated spelling of the word password. This will set a password for basic access; remember the pixfirewall> prompt?)
pixfirewall(config)# enable password cisco
(This will set the password for administrative access.)

Now that your PIX has been given a basic configuration, you should be able to access the internet, while preventing unauthorized access to your resources.
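The steps above can be checked before they are pasted into the console. The following is an added example, not part of the original guide: a short Python audit of the commands as typed, flagging the mistakes this walkthrough warns about (an interface left shut down, a default gateway that is not on the outside subnet, the example password left in place). The function name `audit` and the sample script are constructed for illustration.

```python
import ipaddress

# Constructed sample: the guide's commands as they would be typed, with three
# deliberate mistakes (ethernet1 never enabled, gateway left in angle
# brackets, example password kept).
SAMPLE = """\
hostname mypix
interface ethernet0 100full
ip address outside 12.25.241.2 255.255.255.252
ip address inside 192.168.0.1 255.255.255.0
route outside 0 0 <12.25.241.1> 1
passwd cisco
enable password Xk42vr9Qm
"""

def audit(script):
    """Return findings for a PIX command script; an empty list means clean."""
    findings, up, nets, pw, gateway = [], set(), {}, {}, None
    for raw in script.splitlines():
        t = raw.split()
        key = [w.lower() for w in t[:2]]
        if key[:1] == ["interface"] and len(t) == 3:
            up.add(t[1].lower())              # a speed keyword brings the port up
        elif key == ["ip", "address"] and len(t) == 5:
            try:
                nets[t[2].lower()] = ipaddress.ip_interface(f"{t[3]}/{t[4]}")
            except ValueError:
                findings.append(f"bad address or mask: {raw.strip()}")
        elif key == ["route", "outside"] and len(t) >= 5 and t[2] in ("0", "0.0.0.0"):
            gateway = t[4]
        elif key[:1] == ["passwd"] and len(t) >= 2:
            pw["passwd"] = t[1]               # passwords stay case-sensitive
        elif key == ["enable", "password"] and len(t) >= 3:
            pw["enable password"] = t[2]

    for port in ("ethernet0", "ethernet1"):
        if port not in up:
            findings.append(f"{port}: no speed set, interface stays shut down")
    for name in ("outside", "inside"):
        if name not in nets:
            findings.append(f"{name}: no ip address configured")
    if "inside" in nets and not nets["inside"].ip.is_private:
        findings.append("inside: address is not in a private block")
    if gateway is None:
        findings.append("route: no default route on the outside interface")
    else:
        try:
            gw, out = ipaddress.ip_address(gateway), nets.get("outside")
            if out and (gw not in out.network or gw == out.ip):
                findings.append("route: gateway is not a neighbour on outside")
        except ValueError:
            findings.append(f"route: gateway is not an IP address: {gateway}")
    for cmd in ("passwd", "enable password"):
        p = pw.get(cmd, "")
        if not p or p.lower() == "cisco":
            findings.append(f"{cmd}: unset or still the example value")
        elif p.isalpha() or p.isdigit():
            findings.append(f"{cmd}: mix letters and numbers")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```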

Ron Jones is the Founder and President of The Fulcrum Technology Group, Inc. (www.fulcrumtechnologygroup.com). Located just north of Atlanta, this consulting firm specializes in business technology solutions that will enable you to maintain a competitive advantage by increasing productivity, improving reliability and reducing expenses.


Perfect Darkness's Promise to You

Perfect Darkness promises that you have the power to get your windows tinted, so there is nothing to fear.

Perfect Darkness wants you to know that you are worthy of this luxurious service even though others may be jealous because the car will look so good when your windows are tinted.

Perfect Darkness also promises that there will always be hater type mind sets, some even with rage seeking revenge, but there is no need to get angered, discouraged or point the blame. Trust us and do not worry or doubt with disappointment as you do not need to be overwhelmed.

Perfect Darkness promises if you are without frustration and irritation and understand that pessimism will not help to get your windows tinted, you will move straight past the boredom and contentment to hopefulness and optimism.

You will believe with positive expectation that tinting your windows with eagerness and enthusiasm will bring you happiness and newfound feelings of passion for the outcome of your vehicle's windows and perfect shades of darkness, bringing you more joy and empowerment with freedom to love your car that much more, thus having appreciation for Perfect Darkness as Perfect Darkness appreciates you.

With much gratitude,
The founder of Perfect Darkness, Jeremy Creager
Jeremy Creager Owner
Visit us at our NEW shop: 429 Olive St. Unit #K, Santa Rosa, CA 95407

TESTIMONIAL
DH:

I am delighted to recommend Perfect Darkness to anyone looking to get their windows tinted. Jeremy is wonderful to work with, offering expert craftsmanship, competitive pricing and clear friendly communication.

I was having difficulty with bright lights, both during the day and at night. Tinting the windows of my car has helped me feel safer on the road.

Jeremy answered all my questions and even called a couple of weeks after installation to inquire about my satisfaction with the results. He's the best.

To get the best window tinting quality and service money can buy visit http://www.perfectdarknesstint.com


Your Next Car? Or Maybe the One After That

In the technological lifecycle of new products there are distinct stages. First, a concept must be proven feasible. Then it must be shown that the idea can be sold and mass-produced in the marketplace. After these first two steps are achieved and production is accomplished, then as the product becomes accepted the price begins to fall. Cell phones, microwave ovens, CD players: all entered the marketplace with exorbitant prices, but as they proved their worth the prices fell.

Enter the 2006 Tesla Roadster: 0 to 60 in four seconds at a cost of one penny per mile. At 0 to 60 in four seconds you could pass most anything on the highway, but what you will always pass is the gas station. The Tesla Roadster is all electric, with a 250-mile range and a full charge time of three hours. That is equivalent to 135 mpg. Its secret is the battery: a lightweight lithium-ion battery, the same as in your cell phone. While miles per gallon in gasoline vehicles have stalled at around 50 mpg, battery technology keeps on improving.

General Motors proved with their EV1 electric car program that the concept was viable; in fact, when the leased cars were called back in, many of the lessees begged GM to sell them the cars. So step one has been achieved and the concept proved, and step two, if only anecdotally, is proven: people enjoy electric cars. Now, if you can give them performance with a two hundred and fifty mile range, the only factor left is the cost. My first microwave cost almost $500.00 in 1985 dollars, my last one $150.00 in 2000 dollars; likewise cell phones and VCRs. It is all part of the process. This is America, and you can't sell a car that runs forever for a nickel if it doesn't look cool!

This car looks cool; if you saw it coming it would turn your head, guessing: Ferrari? Lamborghini? Porsche? The car is futuristic, fully integrating the computer and the automobile: turn the key and nothing happens until you add your PIN. Drop your Tesla off for valet parking and you switch to valet mode, top speed 30 mph. This is a car for the 21st century; every bell and whistle is included. Everything you would expect: 4-wheel disc brakes, ABS and airbags, with supercar performance.

The car comes from the factory with a battery charger included, and both the car and the charging unit are outfitted with computers that talk to each other. No power will begin transferring unless both computers are in agreement. If the charging cable isn't correctly attached or there is tension on the cord (from pets, kids, bicycles, and other items that may pass through your garage), the charger disengages. Even the battery box is self-regulating and self-protecting. It's programmed to prevent overcharging, and will shut itself down should you ever play U-boat commander like Tom Cruise in Risky Business or if it senses that the car's airbags have deployed.

Why electric? Why not a Hybrid? The answer is oil dependence. The Hybrid is like an alcoholic who says, "I'm not going to drink as much today as I did yesterday." 63% of every drop of oil we import is used as a motor fuel; 3% is used to generate electricity. The Tesla is zero emission: zero, nada, zilch. Hybrids are cleaner but they don't solve the problem. Hybrids are a boat when what we need is a bridge.

Don't get me wrong, Hybrids are a great improvement, but Hybrids integrate a gasoline engine with an electric motor and battery pack. The gasoline engine is small to save weight and fuel, and likewise the electric motor and battery pack. It's snowshoes and skis: if you have an electric motor system with gasoline performance, what's the gasoline engine for? Training wheels, perhaps? Hybrids remind me of the old saying that a camel is a horse designed by a committee. Let's not forget the main purpose of why we are doing this: to save the planet. To lessen the need for foreign oil is good, but to eliminate it would be great!

Scientists and environmentalists forecast that we must cut back on our emissions of greenhouse gases by 20% in the next 25 years or the future is bleak. How about 60%? President Kennedy gave us a goal of ten years to reach the moon when the technology to do so didn't exist; this technology does exist. Everything you ever wanted in a car and less, for $1.80 a fill-up: not a gallon, but a fill-up! No standing in the cold or rain and snow filling up the old gas burner for you; you pull into the garage, put in the plug and you're done. Embrace the future; my grandmother didn't like gasoline automobiles.

Simplicity is the answer. Everyone knows about electric motors and batteries; how often do you have trouble with a fan or your refrigerator or a can opener, all electric motors? When you build a car that's electric, you start with one built-in advantage: electric cars just don't have to be as complex mechanically as the car you're probably driving now. Sophisticated electronics and software take the place of the pounds and pounds of machinery required to introduce a spark and ignite the fuel that powers an internal combustion engine.

For example, the typical four-cylinder engine of a conventional car comprises over a hundred moving parts. By comparison, the motor of the Tesla Roadster has just one: the rotor. So there's less weight to drive around and fewer parts that could break or wear down over time.

But the comparison doesn't end with the counting of moving parts. The engine and transmission of a conventional car also need lubricating oils, filters, coolant, clutches, spark plugs and wires, a PCV valve, oxygen sensors, a timing belt, a fan belt, a water pump and hoses, a catalytic converter, and a muffler: all items requiring service, and all items that aren't needed in an electric car.

The car has only one drawback: the cost, around $200,000. But then again, this is a high-performance sports car whose competitors can cost twice that. It is the technology of zero emissions with good performance and good range, along with a fast recharge, that evokes images of the Wright Brothers. I have seen the future, and if I had Bill Gates's money I would be plowing it into this technology. For it is better to teach a man to fish than merely supply one.

The world's demands for oil keep rising. No matter what your political outlook, no one can deny we wouldn't have been in such a hurry to set up a democracy in Iraq if they didn't have oil resources. The worldwide struggle for these resources grows greater by the day. No petroleum expert will argue that production will always exceed demand; do we wait for the well to run dry? Do we use our children to fight wars to protect our share? Do we continue to offload tankers full of oil only to fill them back up with our dollars? To export our wealth to dictators, tyrants and sultans that we claim are our friends only because they have something we need?

We have the answer; we are Americans, and that is what we are good at: answers. We invent what we don't have; we always have. Why we would continue to send billions to countries that don't like us, and that we don't really like, is insane. When you add to that our pollution problems, and the importing of foreign cars. You see, this is an American car built in California, and it sure would be fun to export millions of cars instead of importing them. I think if I were their marketing manager, every Tesla would include a letter to OPEC that said, "You can kiss my American backside."

http://www.teslamotors.com/
