https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483659#M534203 <HTML><HEAD></HEAD><BODY><P>Scenario tested in home network lab:</P><P></P><P>access-list all permit ip any any</P><P></P><P>access-list 120 permit ip 10.0.0.0 255.0.0.0 20.0.0.0 255.0.0.0</P><P>nat (inside) 0 access-list 120</P><P></P><P>static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0</P><P></P><P>access-group all in interface dmz</P><P></P><P>We need to configure the NAT 0 </P><P>I used NAT exemption </P><P></P><P>I hope It would help ypu</P><P></P><P>swamy</P></BODY></HTML> Mon, 22 Aug 2005 05:18:29 GMT arumugasamy 2005-08-22T05:18:29Z https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483652#M534196 <P>I've recently setup a PIX and I know the INSIDE - OUTSIDE translation was working properly but I'm having difficulty configuring the new 'REMOTE' interface on the PIX. I've attached a (very) basic drawing of the network.</P><P></P><P>In order for the REMOTE LAN to have FULL communication (including PING) with the INSIDE LAN, what commands need to be configured?</P><P></P><P>I'm assuming the following:</P><P></P><P>For full two-way communication between INSIDE and REMOTE:</P><P>Static (inside,remote) 10.11.1.0 10.11.1.0 netmask - no translation between subnets</P><P>Access-list 101 permit ip 10.11.1.0 255.255.255.0 10.10.0.0 255.255.0.0 </P><P>Access-group 101 in interface remote</P><P></P><P>I've done this and it still doesn't work. What am I forgetting?</P><P></P><P>A Million thank you's,</P><P>Tom</P><P></P><P> </P><P></P> Fri, 21 Feb 2020 08:19:53 GMT https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483652#M534196 tpopejr 2020-02-21T08:19:53Z https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483653#M534197 <HTML><HEAD></HEAD><BODY><P>check this out pls : </P><P>static (inside,remote) 10.10.0.0 10.10.0.0 netmask 255.255.0.0</P></BODY></HTML> Sun, 14 Aug 2005 18:22:30 GMT https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483653#M534197 mehrdad 2005-08-14T18:22:30Z https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483654#M534198 <HTML><HEAD></HEAD><BODY><P>I think you need a nat 0 statement in addtion to what you have.</P><P></P><P>PIX(config)#nat (remote) 0 10.11.1.0 255.255.255.0 0 0</P></BODY></HTML> Sun, 14 Aug 2005 19:31:31 GMT https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483654#M534198 cruz-a 2005-08-14T19:31:31Z https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483655#M534199 <HTML><HEAD></HEAD><BODY><P>Tom,</P><P></P><P>Have a read of the following document:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008015efa9.shtml" target="_blank">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008015efa9.shtml</A></P><P></P><P>This document gives example of configuring PIX with Mail server access on the DMZ, you can substitute the mail server for your remote LAN.</P><P></P><P>Hope this help and let me know how you get on, please rate post if it helps.</P><P></P><P>JM</P></BODY></HTML> Sun, 14 Aug 2005 20:11:12 GMT https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483655#M534199 jmia 2005-08-14T20:11:12Z https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483656#M534200 <HTML><HEAD></HEAD><BODY><P>The article did not address my main issue. Full two-way communication between INSIDE and DMZ (or REMOTE in my example).</P><P></P><P>Additionally, do I have to list the two subnets in between the PIX and the remote network (it's across a T1 - hopping two 1760 routers)?</P><P></P><P>Thanks,</P><P>Tom</P></BODY></HTML> Tue, 16 Aug 2005 12:56:18 GMT https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483656#M534200 tpopejr 2005-08-16T12:56:18Z https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483657#M534201 <HTML><HEAD></HEAD><BODY><P>You do not need to list the intermediate subnets, but the PIX does need to know how to get to the 10.11.1.0 network</P><P>route REMOTE 10.11.1.0 255.255.255.0 192.168.253.2</P><P>Otherwise, it will use the default route.</P><P></P></BODY></HTML> Fri, 19 Aug 2005 22:32:23 GMT https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483657#M534201 rsmith 2005-08-19T22:32:23Z https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483658#M534202 <HTML><HEAD></HEAD><BODY><P>please post the config</P></BODY></HTML> Mon, 22 Aug 2005 01:25:45 GMT https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483658#M534202 jackko 2005-08-22T01:25:45Z https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483659#M534203 <HTML><HEAD></HEAD><BODY><P>Scenario tested in home network lab:</P><P></P><P>access-list all permit ip any any</P><P></P><P>access-list 120 permit ip 10.0.0.0 255.0.0.0 20.0.0.0 255.0.0.0</P><P>nat (inside) 0 access-list 120</P><P></P><P>static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0</P><P></P><P>access-group all in interface dmz</P><P></P><P>We need to configure the NAT 0 </P><P>I used NAT exemption </P><P></P><P>I hope It would help ypu</P><P></P><P>swamy</P></BODY></HTML> Mon, 22 Aug 2005 05:18:29 GMT https://community.cisco.com/t5/network-security/help-configuring-a-3-interface-pix/m-p/483659#M534203 arumugasamy 2005-08-22T05:18:29Z