https://community.cisco.com/t5/network-security/pix-nat/m-p/137136#M615337 <HTML><HEAD></HEAD><BODY><P>Hello Nagu,</P><P></P><P>Please read the following document which covers setting up PIX with 3 interface with failover, a very well presented document by The SANS Org.</P><P></P><P>The document is in PDF format - </P><P></P><P><A class="jive-link-custom" href="http://www.sans.org/rr/papers/21/813.pdf" target="_blank">http://www.sans.org/rr/papers/21/813.pdf</A></P><P></P><P>Hope this helps -</P><P></P><P></P></BODY></HTML> Sun, 10 Aug 2003 08:27:15 GMT jmia 2003-08-10T08:27:15Z https://community.cisco.com/t5/network-security/pix-nat/m-p/137135#M615336 <P>Hi </P><P>I have got a PIX firewall with outiside,inside 2 subnets( 192.168.128.0 255.255.252.0 &amp; 192.168.136.0 255.255.248.0)</P><P>and DMZ (192.168.132.0 255.255.254.0 ). Below are my config's for the same...please lemme know if it is right...the inside users need to communicate with DMZ and vise versa,as well as outside..Dmz also needs to access the inside &amp; outside users .and outside needs to communicate with inside &amp; DMZ...</P><P>--------------</P><P></P><P>nameif ethernet0 outside security0</P><P>nameif ethernet1 inside security100</P><P>nameif ethernet2 outstation security50</P><P>enable password cisco encrypted</P><P>passwd Infy encrypted</P><P>hostname Firewall</P><P>domain-name cisco.com</P><P>!</P><P>!</P><P>interface ethernet0 100full</P><P>interface ethernet1 100full</P><P>interface ethernet2 100full</P><P>interface ethernet3 shutdown</P><P>interface ethernet4 shutdown</P><P>interface ethernet5 shutdown</P><P>!</P><P>ip address outside X.X.X.X 255.255.255.248</P><P>ip address inside 192.168.130.2 255.255.255.240</P><P>ip address Dmz 192.168.132.1 255.255.255.240</P><P>!</P><P>pdm history disable</P><P>arp timeout 14400</P><P>!</P><P>global (outside) 1 X.X.X.X X.X.X.X</P><P>nat (inside) 1 192.168.128.0 255.255.252.0</P><P>nat (inside) 1 192.168.136.0 255.255.248.0</P><P>nat (dmz) 1 192.168.132.0 255.255.252.0</P><P></P><P>global (dmz) 1 192.168.132.10-192.168.132.20 or instead of this line i can use the below two lines right for inside to DMZ</P><P>----------------------------------------------------------------------------</P><P>static (inside,dmz) 192.168.128.0 192.168.128.0 netmask 255.255.252.0</P><P>static (inside,dmz) 192.168.136.0 192.168.136.0 netmask 255.255.248.0</P><P>----------------------------------------------------------------------------</P><P></P><P></P><P>access-group acl_in in interface outside</P><P>access-list acl_in permit ip any DMZ Web server eq 80</P><P>route outside 0.0.0.0 0.0.0.0 x.x.x.x </P><P>route inside 192.168.128.0 255.255.255.0 192.168.130.1</P><P></P><P>thanks</P><P> </P><P>Nagu</P> Fri, 21 Feb 2020 06:55:27 GMT https://community.cisco.com/t5/network-security/pix-nat/m-p/137135#M615336 skiran 2020-02-21T06:55:27Z https://community.cisco.com/t5/network-security/pix-nat/m-p/137136#M615337 <HTML><HEAD></HEAD><BODY><P>Hello Nagu,</P><P></P><P>Please read the following document which covers setting up PIX with 3 interface with failover, a very well presented document by The SANS Org.</P><P></P><P>The document is in PDF format - </P><P></P><P><A class="jive-link-custom" href="http://www.sans.org/rr/papers/21/813.pdf" target="_blank">http://www.sans.org/rr/papers/21/813.pdf</A></P><P></P><P>Hope this helps -</P><P></P><P></P></BODY></HTML> Sun, 10 Aug 2003 08:27:15 GMT https://community.cisco.com/t5/network-security/pix-nat/m-p/137136#M615337 jmia 2003-08-10T08:27:15Z