01-12-2004 01:28 PM - edited 02-20-2020 11:11 PM
Hi,
I am test configuring my PIX 515e before I make my users' lives a living hell, and I am not sure whether I NAT, PAT or both.
I have an internet connection by means of a cable modem that is currently hooked to a Linksys router. I am going to say goodbye to the Linksys and use only the PIX.
So my question is do I need to NAT or PAT from the outside to the inside, and do I need to NAT or PAT from the inside out? To make things more complicated, what do I do with my DMZ?
A side note: I currently use the Linksys to port forward MS remote desktop to an inside workstation. Can I still do that?
Thanks for any help anyone has.
Marc
01-13-2004 04:44 AM
Hi Marc,
The document that you need is:
http://www.cisco.com/warp/public/707/28.html
Hope this helps and let me know if you need further info/help and good luck with CCNA.
Thanks - Jay.
01-12-2004 03:37 PM
Marc
I'm really worried about your efforts with the PIX. It is not an easy tool to learn and can be destructive if deployed wrong.
Please hire a consultant to protect your assets.
William Ferrell
IA WAN Eng., CCNP, CISSP
WaizComm-PCNets.net
01-13-2004 04:38 AM
Will,
I appreciate your concern, but I am currently studying for my CCNA, and trying to learn as many Cisco products as I can. To reassure you, the network it is going on is a complete test network, but I have a few people who are my willing test subjects.
01-13-2004 05:39 AM
Jay,
That's the document I need. No matter how long I search through the site, it seems that I miss the one doc that tells me what I need.
01-12-2004 03:57 PM
You'll want to do something similar to:
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
This will take any connection on the inside and translate it to the IP address of the outside interface (PAT).
Assuming your cable provider uses DHCP, you'll want to configure your outside address similar to:
ip address outside dhcp setroute retry
"dhcp" obviously gets an address, etc.
"setroute" sets the default route
"retry" by default retries DHCP 4 times and is configurable
As for "port forwarding" I think I've heard that the PIX has that capability but have not tried it. If the outside interface is dependent on DHCP this probably isn't the best way to go. You might want to get some static addresses from your provider. Either way, allowing remote desktop kind of defeats the purpose of the PIX.
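An added example, not part of the original post: a PIX 6.3-style sketch that extends the PAT lines above to the DMZ and forwards Remote Desktop to one inside workstation while limiting who may reach it. The interface name dmz, the workstation address 192.168.1.10, the administrator source address 203.0.113.25 and the ACL name outside_in are assumptions made up for illustration.

```text
: Added example; all addresses and names below are constructed placeholders.
: Assumes PIX OS 6.3 with interfaces named outside, inside and dmz.

: Outbound PAT: inside and DMZ hosts share the outside interface address.
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

: Inside hosts reaching the DMZ are hidden behind the DMZ interface address.
global (dmz) 1 interface

: Static PAT (port redirection): TCP 3389 arriving on the outside interface
: address is sent to the inside workstation. The "interface" keyword follows
: whatever address DHCP assigns to the outside interface.
static (inside,outside) tcp interface 3389 192.168.1.10 3389 netmask 255.255.255.255

: The static alone passes nothing; inbound traffic must also be permitted.
: Permit only the known administrator address rather than "any".
access-list outside_in permit tcp host 203.0.113.25 interface outside eq 3389
access-group outside_in in interface outside
```

After loading it, `show xlate` and `show access-list outside_in` show the active translations and the ACL hit counters, which confirms that only the permitted source reaches port 3389.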
01-13-2004 04:40 AM
Thanks for the direction, after 8 hours of reading I cleared up a lot of my NAT/PAT confusion. Going to keep plugging away.