08-30-2005 08:54 PM - edited 02-21-2020 12:21 AM
We have a PIX 501 firewall and a static IP for internet access. Kindly tell me, please, how to configure this firewall. What are the inside and outside IPs? On the outside we will configure the static IP, and what do we configure for the inside IP?
08-30-2005 09:33 PM
You must assign the internet static IP address to the outside interface as follows:
command : ip address if_name ip_address [netmask]
ip address outside x.x.x.x y.y.y.y
Define the default gateway as well:
command : route if_name ip_address netmask gateway_ip [metric]
route outside 0.0.0.0 0.0.0.0 b.b.b.b
Now you should decide on your LAN IP assignment,
as per RFC 1918:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Assign one IP address to the inside interface:
ip address inside x.x.x.x y.y.y.y
for example :
ip address inside 192.168.100.1 255.255.255.0
If your policy is to NAT every IP address on your local LAN:
nat (inside) 1 0 0
global (outside) 1 interface
If your policy is to NAT specific IP addresses, first create an access list, then NAT them:
access-list natip permit ip x.x.x.x y.y.y.y any
for example :
access-list natip permit ip 192.168.100.0 255.255.255.128 any
nat (inside) 1 access-list natip
global (outside) 1 interface
By the way, you can configure your PIX as DHCP, but it is limited and depends on your software and license
(between 32 and 256 active hosts).
See the links below for more information:
http://www.ciscopress.com/articles/article.asp?p=31464
http://www.netcraftsmen.net/welcher/papers/pix01.html
Regards,
Mehrdad Arshad Rad
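As an added example (not part of the original reply, and not Cisco tooling), the Python sketch below parses the selective-NAT commands from the post above and reports which inside hosts the `natip` access list actually selects. With the post's sample values, the inside interface is a /24 but the access list covers only a /25, so the upper half of the LAN is not matched. The function names and the `SAMPLE_CONFIG` text are constructed for illustration.

```python
import ipaddress

# Constructed sample: the selective-NAT commands from the post above,
# with the post's example addresses filled in.
SAMPLE_CONFIG = """\
ip address inside 192.168.100.1 255.255.255.0
access-list natip permit ip 192.168.100.0 255.255.255.128 any
nat (inside) 1 access-list natip
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(config):
    """Return (inside interface, {acl name: [source networks]}, NAT ACL name)."""
    inside, acls, nat_acl = None, {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "address", "inside"] and len(tok) >= 5:
            inside = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
        elif tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"] and len(tok) >= 6:
            net = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
            acls.setdefault(tok[1], []).append(net)
        elif tok[:2] == ["nat", "(inside)"] and tok[3:4] == ["access-list"] and len(tok) >= 5:
            nat_acl = tok[4]
    return inside, acls, nat_acl


def audit(config):
    """Report RFC 1918 status and which inside hosts the NAT ACL leaves out."""
    inside, acls, nat_acl = parse(config)
    if inside is None:
        raise ValueError("no 'ip address inside' line found")
    translated = acls.get(nat_acl, [])
    hosts = list(inside.network.hosts())
    missed = [h for h in hosts if not any(h in n for n in translated)]
    return {
        "inside_is_rfc1918": any(inside.network.subnet_of(n) for n in RFC1918),
        "translated_hosts": len(hosts) - len(missed),
        "untranslated_range": (str(missed[0]), str(missed[-1])) if missed else None,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```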
08-30-2005 09:33 PM
Go to this URL on the Cisco site: http://www.cisco.com/en/US/customer/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008cd40.html
The first few configuration examples are perfect for the 501.
Two Interfaces Without NAT - Basic
Two Interfaces with NAT - Basic
Two Interfaces with NAT - Advanced
08-30-2005 10:04 PM
Hi,
Normally we configure the static IP, which is the public one, on the outside interface, and a separate block for your inside local LAN; that's your inside interface. This can be anything in the private IP subnet range.
You need to have proper routes, i.e., your default route pointing to your outside interface to allow your traffic to take that as the default path.
And again, with the above-said points, you need to have NAT enabled for your local LAN IPs to reach the outside world.
For more information, do have a look at this link...
Regards