Help Configuring a 3 Interface PIX

tpopejr
Level 1

I've recently set up a PIX and I know the INSIDE - OUTSIDE translation was working properly, but I'm having difficulty configuring the new 'REMOTE' interface on the PIX. I've attached a (very) basic drawing of the network.

In order for the REMOTE LAN to have FULL communication (including PING) with the INSIDE LAN, what commands need to be configured?

I'm assuming the following:

For full two-way communication between INSIDE and REMOTE:

Static (inside,remote) 10.11.1.0 10.11.1.0 netmask - no translation between subnets

Access-list 101 permit ip 10.11.1.0 255.255.255.0 10.10.0.0 255.255.0.0

Access-group 101 in interface remote

I've done this and it still doesn't work. What am I forgetting?

A Million thank you's,

Tom

7 Replies

mehrdad
Level 3

Check this out, please:

static (inside,remote) 10.10.0.0 10.10.0.0 netmask 255.255.0.0

cruz-a
Level 1

I think you need a nat 0 statement in addition to what you have.

PIX(config)#nat (remote) 0 10.11.1.0 255.255.255.0 0 0

jmia
Level 7

Tom,

Have a read of the following document:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008015efa9.shtml

This document gives an example of configuring a PIX with mail server access on the DMZ; you can substitute your remote LAN for the mail server.

Hope this helps, and let me know how you get on. Please rate the post if it helps.

JM

The article did not address my main issue. Full two-way communication between INSIDE and DMZ (or REMOTE in my example).

Additionally, do I have to list the two subnets in between the PIX and the remote network (it's across a T1 - hopping two 1760 routers)?

Thanks,

Tom

You do not need to list the intermediate subnets, but the PIX does need to know how to get to the 10.11.1.0 network:

route REMOTE 10.11.1.0 255.255.255.0 192.168.253.2

Otherwise, it will use the default route.

Please post the config.

Scenario tested in home network lab:

access-list all permit ip any any

access-list 120 permit ip 10.0.0.0 255.0.0.0 20.0.0.0 255.0.0.0

nat (inside) 0 access-list 120

static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0

access-group all in interface dmz

We need to configure the NAT 0.

I used NAT exemption.

I hope it would help you.

swamy
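
An added example, not written by any poster in this thread: a small Python check that reads PIX commands in the syntax shown above and reports which of three pieces discussed in the replies is missing (an identity static for the inside network, a route to the remote LAN, and an ACL bound to the remote interface). The function and variable names are assumptions, 10.10.0.0/16 is taken as the inside network from the commands posted, and the nat 0 alternative is not modelled.

```python
import ipaddress

# Constructed input: the original poster's three commands as one config.
POSTED = """\
static (inside,remote) 10.11.1.0 10.11.1.0 netmask 255.255.255.0
access-list 101 permit ip 10.11.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-group 101 in interface remote
"""
# Constructed input: the same config with the static and route from the replies.
REVISED = """\
static (inside,remote) 10.10.0.0 10.10.0.0 netmask 255.255.0.0
access-list 101 permit ip 10.11.1.0 255.255.255.0 10.10.0.0 255.255.0.0
access-group 101 in interface remote
route REMOTE 10.11.1.0 255.255.255.0 192.168.253.2
"""

def take(tok):
    """Consume one address spec (any | host A | A MASK) from a token list."""
    t = tok.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tok.pop(0))
    return ipaddress.ip_network(f"{t}/{tok.pop(0)}", strict=False)

def check(config, inside, remote_lan, ifc="remote"):
    """Return the pieces missing for inside <-> remote_lan traffic."""
    inside, remote_lan = map(ipaddress.ip_network, (inside, remote_lan))
    lines = [l.lower().split() for l in config.splitlines() if l.strip()]
    missing = []
    # static (inside,<ifc>) MAPPED REAL netmask MASK: REAL must be an inside address
    statics = [take([l[3], l[5]]) for l in lines
               if l[:2] == ["static", f"(inside,{ifc})"] and len(l) >= 6]
    if not any(s.subnet_of(inside) for s in statics):
        missing.append("static")
    # route <ifc> NET MASK GATEWAY: must cover the remote LAN
    routes = [take(l[2:4]) for l in lines if l[:2] == ["route", ifc] and len(l) >= 5]
    if not any(remote_lan.subnet_of(r) for r in routes):
        missing.append("route")
    # access-group NAME in interface <ifc>, holding a permit from remote LAN to inside
    bound = {l[1] for l in lines if l[0] == "access-group" and l[-1] == ifc}
    ok = False
    for l in lines:
        if l[0] == "access-list" and l[1] in bound and l[2:4] == ["permit", "ip"]:
            rest = l[4:]
            src, dst = take(rest), take(rest)
            ok = ok or (remote_lan.subnet_of(src) and inside.subnet_of(dst))
    return missing if ok else missing + ["acl"]
```

Run against the commands as first posted, `check(POSTED, "10.10.0.0/16", "10.11.1.0/24")` reports the static and the route; the revised config passes all three checks.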
