06-30-2005 06:41 AM - edited 02-21-2020 12:14 AM
Dear All,
I need to connect the firewall between the outside ADSL modem and the inside ISA server as a transparent bridge, passing all the traffic without any NAT/PAT configuration.
I do not want to use NAT/PAT config on the PIX firewall. It is being done by the ADSL modem.
I need to allow all the inbound traffic through the firewall.
Please suggest the configuration steps for the above setup.
Regards,
Swamy
07-05-2005 07:42 AM
Swamy,
I'm not sure why you want to configure your firewall to be transparent, but you might like to look at the pix 6.3 documentation, under the section "Two Interfaces Without NAT or PAT" (http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172786.html#wp1113041) - that would seem to match the configuration that you want. The only change would be to add to the access-list that you want all ip traffic allowed in, but I would consider not doing this and making your inbound access-list more restrictive. If you really want to do that, replace step 12 with:
access-list acl_out permit ip any any
access-group acl_out in interface outside
Kind regards,
Andy
07-05-2005 02:02 PM
Hi,
If you need a transparent bridge, you have to use PIX version 7 and put the firewall in transparent mode (instead of routed mode).
Nat-control is disabled by default on PIX version 7, so the natting is no longer necessary.
Create an access-list (access-list command) that allows all traffic and apply it to the outside interface (access-group command).
Kind Regards,
Tom
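As an added example (not part of the thread or of Cisco's documentation), a small Python check in the spirit of Andy's advice to keep the inbound access-list restrictive: it scans a saved PIX configuration for a reachable `permit ip any any` entry in an ACL bound inbound to the outside interface. The sample configuration, the `dmz` interface and the function name are constructed for illustration; the optional `extended` keyword is accepted because PIX 7 access lists use it.

```python
import re

# Constructed sample config (not from any device in the thread): the two
# commands quoted above plus a second ACL on a hypothetical "dmz" interface.
SAMPLE_CONFIG = """\
access-list acl_out permit ip any any
access-list acl_dmz extended permit tcp any host 192.0.2.10 eq 443
access-list acl_dmz extended permit ip any any
access-group acl_out in interface outside
access-group acl_dmz in interface dmz
"""

# PIX 6.3 form and PIX 7 form (with "extended") of an ACL entry.
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:extended\s+)?(permit|deny)\s+(\S+)\s+(.*)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")


def find_open_inbound(config, interfaces=("outside",)):
    """Return (interface, acl, line_no) for each reachable 'permit ip any any'
    entry in an ACL applied inbound to one of `interfaces`."""
    entries = {}  # ACL name -> [(line_no, action, protocol, remaining tokens)]
    bound = {}    # interface name -> ACL name applied inbound
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            name, action, proto, rest = m.groups()
            entries.setdefault(name, []).append((no, action, proto, rest.split()))
            continue
        m = GROUP_RE.match(line)
        if m:
            bound[m.group(2)] = m.group(1)
    findings = []
    for iface in interfaces:
        acl = bound.get(iface)
        for no, action, proto, rest in entries.get(acl, []):
            if proto == "ip" and rest[:2] == ["any", "any"]:
                # ACLs are first-match: an earlier "deny ip any any" makes a
                # later blanket permit unreachable, so stop at the first hit.
                if action == "permit":
                    findings.append((iface, acl, no))
                break
    return findings


if __name__ == "__main__":
    for iface, acl, no in find_open_inbound(SAMPLE_CONFIG, ("outside", "dmz")):
        print(f"line {no}: ACL {acl} on {iface} permits all inbound IP traffic")
```

Specific permits that precede the blanket entry (such as the constructed `tcp ... eq 443` line) are not flagged; only the catch-all rule is reported.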