Configuring PIX 501
09-03-2003 07:39 AM - edited 02-20-2020 10:58 PM
Our ISP has supplied us a Cisco router which is currently connected to a switch. I am trying to add a PIX 501 into the mix. Below is my current running configuration on the PIX and the router. I am not able to get an outside connection when the PIX is in place. What am I missing? Right now I just want to access the internet with the PIX in place. When I get that figured out I want to disable the NAT on the router and take care of it on the firewall.
Thanks for your help.
PIX Configuration
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
clock timezone CST -6
clock summer-time CDT recurring
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 70.141.173.66 255.255.255.248
ip address inside 192.168.1.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
arp timeout 14400
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
: end
Router Configuration
ip name-server 70.140.240.35
ip name-server 70.140.240.36
!
!
!
!
interface Serial0
ip address 70.141.103.140 255.255.255.252
no ip directed-broadcast
ip nat outside
encapsulation ppp
no fair-queue
service-module t1 timeslots 13-24
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0 secondary
ip address 70.141.173.64 255.255.255.248
no ip directed-broadcast
ip nat inside
!
ip nat inside source list 1 interface Serial0 overload
ip nat inside source static tcp 63.141.173.65 25 192.168.1.7 25 extendable
ip nat inside source static tcp 63.141.173.65 110 192.168.1.7 110 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 0.0.0.0 0.0.0.0 70.141.103.139
Labels: Other Network Security Topics
09-03-2003 06:49 PM
Hi,
Looks like you left off access-list 1 from the router but assuming it looks something like:
access-list 1 permit 192.168.1.0 0.0.0.255
then try adding the following to the PIX:
access-list nonat permit ip 192.168.1.0 255.255.255.0 any
nat (inside) 0 access-list nonat
route outside 0.0.0.0 0.0.0.0 70.141.173.64
Make sure your default gateway on your internal hosts is set to 192.168.1.254 (PIX inside interface) and you should be cooking with gas. Hope this helps.
Scott
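An added check, not part of the thread and not a Cisco tool: a small Python linter that reads the PIX 6.x statements Scott's answer turns on (interface addresses, the nat (inside) rule, the default route, and the SNMP community) and reports what would stop inside hosts from reaching the internet. The two sample configs are constructed from the posts above, before and after the three suggested lines are added.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the posted PIX config, then the
# same config with the three statements from the answer appended.
PIX_BEFORE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 70.141.173.66 255.255.255.248
ip address inside 192.168.1.254 255.255.255.0
snmp-server community public
"""
PIX_AFTER = PIX_BEFORE + """\
access-list nonat permit ip 192.168.1.0 255.255.255.0 any
nat (inside) 0 access-list nonat
route outside 0.0.0.0 0.0.0.0 70.141.173.64
"""

def parse_pix(text):
    """Collect the few PIX statements this check cares about."""
    cfg = {"ifaces": {}, "nat": [], "routes": [], "snmp": []}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"ip address (\S+) (\S+) (\S+)$", line)
        if m:
            name, addr, mask = m.groups()
            cfg["ifaces"][name] = ipaddress.ip_interface(f"{addr}/{mask}")
        elif line.startswith("nat ("):
            cfg["nat"].append(line)
        elif line.startswith("route "):
            cfg["routes"].append(line.split())
        elif line.startswith("snmp-server community "):
            cfg["snmp"].append(line.split()[-1])
    return cfg

def check_pix(text):
    """Return findings explaining why traffic would not leave the PIX."""
    cfg = parse_pix(text)
    findings = []
    if not any(n.startswith("nat (inside)") for n in cfg["nat"]):
        findings.append("no nat (inside) statement: inside hosts cannot pass through the PIX")
    default = [r for r in cfg["routes"] if r[2:4] == ["0.0.0.0", "0.0.0.0"]]
    if not default:
        findings.append("no default route: add 'route outside 0.0.0.0 0.0.0.0 <next-hop>'")
    for r in default:  # next hop must sit on the exit interface's subnet
        iface, hop = r[1], ipaddress.ip_address(r[4])
        if iface in cfg["ifaces"] and hop not in cfg["ifaces"][iface].network:
            findings.append(f"default route next hop {hop} is not on the {iface} subnet")
    for comm in cfg["snmp"]:
        if comm in ("public", "private"):
            findings.append(f"snmp-server community '{comm}' is a well-known default")
    return findings
```

Running `check_pix(PIX_BEFORE)` reports the missing NAT rule, the missing default route and the default SNMP community; after Scott's lines only the SNMP finding remains.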
