topic pix inside an internal network in Network Security

pix inside an internal network

fellis20 — Fri, 21 Feb 2020 05:56:40 GMT

I installed a pix 506 to protect a single server inside a network the network is divided into 2 nets:

the 1st net has an IP adress of 131.107.0.0/24

the second network has an ip of 10.3.1.0 255.255.255.248

the pix is protecting ip 10.3.1.3 255.255.255.248

the nat inside the pix is the following:

global (outside) 1 10.3.1.3 netmask 255.255.255.248

nat (inside) 1 10.3.1.0 255.255.255.248 0 0

the problem is when we change the global outside address to 10.3.1.5-8 we can access the outside interface but we do not access it with the 10.3.1.3

even when we change the ip address of the protrcted server it still doesn't work; i need to keep this address because i have a VPN that forwards information to that specific address and to a specific port.

anyhelp with this problem?

Re: pix inside an internal network

subaa — Thu, 03 Jan 2002 16:35:13 GMT

If I understand clearly:

The OUTSIDE is: 131.107.0.0/24

The INSIDE is:10.3.1.0/29

The server IP is: 10.3.1.3 (?)

You want to reach that server form the OUTSIDE using the IP 10.3.1.3. Is that correct?

If so, forget all global and nat statements, and configure the following:

static (inside, outside) 10.3.1.3 10.3.1.3 0 0.

If you want to start connections form the INSIDE (10.3.1.0/29) you'd better change the global address to an IP address form the OUTSIDE IP address range (131.107.0.0/24). Don't forget, that even if you use nat, the STATICed hosts will use the IP addresses specified in the static statements. But from your info I guess there is no need to initiate connections form the INSIDE.

Bests,

Attila Suba