Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
360
Views
0
Helpful
1
Replies

PIX access list issues

quiksilv3r
Level 1
Level 1

‎03-24-2009 08:39 PM - edited ‎03-11-2019 08:09 AM

Hi guys, I have a test PIX 515 here and I have just configured a logical interface as a VLAN. The switch can see the correct VLAN, and the pix can ping one host on the new VLAN, and vice versa, so the VLAN is operational.

I am sitting behind an interface called ABC and this is numbered 192.168.1.0/24 and I am trying to access the network listed above on 10.0.31.248/29

I believe I need to create 2 static entries, nat entries for both and then create an access-list for traffic, applying the list via an access-group. Is this correct, or am I missing something here?

as far as the static entries go, are these something like:

static(abc,vlan166)192.168.1.10 192.168.1.10 netmask 255.255.255.255

For nat do I just add:

nat (abc) 1 0 0

nat (abc) 0 access-list nonatabc

Thanks,

Dean

Labels:
0 Helpful
1 Reply 1

andrew.prince
Level 10
Level 10

‎03-25-2009 02:22 AM

Dean,

You only have to have 1 static NAT from the source to the destination, the PIX will work out the reverse. You would need to add another static NAT if the traffic flows in the other direction.

The above config is incorrect - let me explain:-

nat (abc) 1 0 0 - says all traffic from interface abc should be natted to the global NAT IP addressed associated with NAT id 1.

nat (abc) 0 access-list nonatabc - says any traffic from the source to the desintation in access-list nonatabc should not be natt'd

static(abc,vlan166)192.168.1.10 192.168.1.10 netmask 255.255.255.255 - statically performs a same IP static network nat.

HTH>

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card