10-25-2002 11:56 AM - edited 02-20-2020 10:20 PM
The following is my network setup:
1751 Router: Outside 216.39.X.X
Inside 172.16.1.1
PIX 506E Outside 172.16.1.2
Inside 192.168.0.1
The PIX is serving as DHCP server for the internal network. I am using PAT on the firewall; is that the right way to do it?
Here is my question: what should I do to gateway all my internal network to the PIX? (What should the command be?)
Then, what line should I enter to route all internet traffic from the PIX to the 1751?
And last, what line should I enter on the router to point back to the PIX?
Any help would be greatly appreciated.
Ed
10-25-2002 02:34 PM
If you are connecting to the internet, get rid of the 1751 or it will have to do NAT on it. Have the users get their default route pointing to the PIX (learned via DHCP) and have the PIX's default route pointing to the internet (your ISP router).
If this connects to your private network, keep the 1751 and your addressing the same. The users point to the PIX again and the PIX's default route points to the 1751. The 1751 doesn't need a static route to your network as the NATed IP will be on the same subnet as the router/PIX (seen as a directly connected network).
See sample config below:
pixfirewall# sh config
: Saved
PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pixfirewall
domain-name xxxx
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
logging on
logging buffered informational
logging timestamp
logging trap informational
logging host inside 192.168.0.x
no logging message 106015
no logging message 106007
no logging message 105003
no logging message 105004
no logging message 309002
no logging message 305012
no logging message 305011
no logging message 303002
no logging message 111008
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 304001
no logging message 111005
no logging message 609002
no logging message 609001
no logging message 302016
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside 216.39.x.x 255.255.255.248 (or 172.16.1.2 if not connected to internet)
ip address inside 192.168.0.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 216.39.0.1 (or 172.16.1.1 if not connected to internet)
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community test
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh x.x.x.x 255.255.255.255 outside
ssh timeout 5
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd dns x.x.x.x
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd domain inside
dhcpd auto_config outside
dhcpd enable inside
terminal width 80
Hope it helps.
Steve
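The answer above boils down to three things that have to line up: the global/nat pair (PAT on the outside interface address), a default route whose gateway is on the outside subnet, and the management plane the sample config leaves open (telnet, an SNMP community string). The script below is an added example, not Cisco's code and not the poster's; it reads a trimmed copy of the posted "show config" text (constructed here, with the thread's own x.x.x.x placeholders kept so the audit has to cope with them) and reports whether those pieces are consistent and where the config is weak. The parse_pix, audit and severities names are mine, and the list of guessable community strings is an assumption, not a Cisco default list.

```python
import ipaddress

# Constructed sample: trimmed from the config posted in the thread, placeholders kept.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
logging on
logging host inside 192.168.0.x
ip address outside 172.16.1.2 255.255.255.248
ip address inside 192.168.0.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 172.16.1.1
snmp-server community test
no snmp-server enable traps
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh x.x.x.x 255.255.255.255 outside
ssh timeout 5
dhcpd address 192.168.0.2-192.168.0.254 inside
dhcpd enable inside
"""

# Assumed deny-list of community strings that are commonly guessed; not a Cisco list.
WEAK_COMMUNITIES = {"public", "private", "test", "cisco", "admin"}


def parse_pix(text):
    """Pull the statements the audit needs out of a PIX 6.x config by simple token matching."""
    cfg = {"ip": {}, "global": {}, "nat": {}, "routes": [], "telnet": [],
           "ssh": [], "snmp_community": None, "logging_hosts": []}
    for raw in text.splitlines():
        p = raw.split()
        if not p:
            continue
        if p[:2] == ["ip", "address"] and len(p) >= 5:
            cfg["ip"][p[2]] = (p[3], p[4])                       # iface -> (addr, mask)
        elif p[0] == "global" and len(p) >= 4:
            cfg["global"][p[2]] = (p[1].strip("()"), p[3])       # nat id -> (iface, pool)
        elif p[0] == "nat" and len(p) >= 5:
            cfg["nat"].setdefault(p[2], []).append((p[1].strip("()"), p[3], p[4]))
        elif p[0] == "route" and len(p) >= 5:
            cfg["routes"].append((p[1], p[2], p[3], p[4]))       # iface, net, mask, gw
        elif p[0] in ("telnet", "ssh") and len(p) == 4:          # skips 'telnet timeout 5'
            cfg[p[0]].append((p[1], p[2], p[3]))                 # addr, mask, iface
        elif p[:2] == ["snmp-server", "community"] and len(p) >= 3:
            cfg["snmp_community"] = p[2]
        elif p[:2] == ["logging", "host"] and len(p) >= 4:
            cfg["logging_hosts"].append((p[2], p[3]))            # iface, host
    return cfg


def _ip(text):
    """Return an IPv4Address, or None for placeholders such as x.x.x.x."""
    try:
        return ipaddress.IPv4Address(text)
    except ValueError:
        return None


def audit(cfg):
    """Return a list of (severity, message) findings; an empty list means nothing to report."""
    findings = []
    # 1. Every nat id needs a matching global; pool 'interface' means PAT on that interface.
    for nat_id, entries in cfg["nat"].items():
        if nat_id not in cfg["global"]:
            findings.append(("HIGH", f"nat id {nat_id} has no global statement; inside hosts will not be translated"))
            continue
        iface, pool = cfg["global"][nat_id]
        for src_if, net, mask in entries:
            mode = "PAT on the interface address" if pool == "interface" else f"NAT pool {pool}"
            findings.append(("INFO", f"nat id {nat_id}: {src_if} {net}/{mask} -> {iface} via {mode}"))
    # 2. A default route must exist, leave via outside, and its gateway must be on that subnet.
    defaults = [r for r in cfg["routes"] if r[1] == "0.0.0.0" and r[2] == "0.0.0.0"]
    if not defaults:
        findings.append(("HIGH", "no default route; nothing beyond the connected subnets is reachable"))
    for iface, _, _, gw in defaults:
        if iface == "inside":
            findings.append(("HIGH", f"default route points to the inside interface ({gw})"))
            continue
        addr, mask = cfg["ip"].get(iface, (None, None))
        gw_ip = _ip(gw)
        if_ip = _ip(addr) if addr else None
        if gw_ip is None or if_ip is None:
            findings.append(("WARN", f"default gateway {gw} or {iface} address is a placeholder; cannot verify"))
        elif gw_ip not in ipaddress.IPv4Interface(f"{addr}/{mask}").network:
            findings.append(("HIGH", f"default gateway {gw} is not on the {iface} subnet {addr}/{mask}"))
    # 3. Management plane: telnet is cleartext; ssh from any source on outside is too broad.
    for addr, mask, iface in cfg["telnet"]:
        sev = "HIGH" if iface == "outside" else "MEDIUM"
        findings.append((sev, f"telnet (cleartext) allowed from {addr}/{mask} on {iface}; prefer ssh"))
    for addr, mask, iface in cfg["ssh"]:
        if iface == "outside" and mask == "0.0.0.0":
            findings.append(("HIGH", "ssh permitted from any source on outside"))
    # 4. A guessable SNMP community exposes the config to anyone who can reach UDP/161.
    comm = cfg["snmp_community"]
    if comm and (comm.lower() in WEAK_COMMUNITIES or len(comm) < 8):
        findings.append(("MEDIUM", f"snmp community '{comm}' is guessable; use a long random string and restrict snmp-server host"))
    # 5. A placeholder syslog host means no events ever leave the box.
    for iface, host in cfg["logging_hosts"]:
        if _ip(host) is None:
            findings.append(("WARN", f"logging host '{host}' on {iface} is not a valid address"))
    return findings


def severities(findings):
    """The set of severities present, for a quick pass/fail decision."""
    return {sev for sev, _ in findings}


if __name__ == "__main__":
    for sev, msg in audit(parse_pix(SAMPLE_CONFIG)):
        print(f"[{sev}] {msg}")
```

On the sample the audit confirms the PAT pair and the outside default gateway, and flags cleartext telnet from the inside network, the community string "test", and the placeholder syslog host. The gateway check is the one that catches the mistake the question circles around: if the PIX outside address and the 1751 inside address are not on the same subnet, the default route is installed but never usable.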
10-25-2002 03:15 PM
Steve,
I tried it and worked just fine. Thank you very much for your help.
Eduardo