Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
0
Helpful
2
Replies

PIX in transparent mode Problem (NAT 0)

spalislam
Level 1
Level 1

‎05-07-2003 07:24 AM - edited ‎02-20-2020 10:43 PM

I am fairly new to PIXes; therefore, I need some help.

I have read a lot of resources on PIXes. However, I can not get the firewall working in the basic NO-NAT transparent mode using nat 0. The main problem is that all cisco literature assume that Pix will have different subnets on the ports. However, I am only trying to implement PIX with no NAT on the same subnet. This is the layout.

Rest of the Network

|

Router E1 (x.x.200.1)

|

|

PIX int E0 (OUT)

PIX int E1 (IN)

|

|

MY INSIDE NETWORK.

I want to use all existing IPs. I understand that nat (inside) 0 0.0.0.0 255.255.255.255 should be used. However, what IPs to I give to the PIXes interfaces. What IPs (default gateway) should PCs inside of the network have.

I would like to put the PIX in transparent mode, so the default gateway would be 200.1 and traffic would be forced through PIX.

Please, if anyone has any suggestions and config samples, I would appreciate it.

Thanks,

Senad P.

0 Helpful
2 Replies 2

mostiguy
Level 6
Level 6

‎05-07-2003 07:40 AM

A Pix cannot be a bridging firewall. You need to assign ip addresses to each interface, and route through it. Is there a router between your internal network and the pix? If there is, it will need to have the pix configured as its default gateway

You want to use nat (inside) 0 0.0.0.0 0.0.0.0

Your command nat (inside) 0 0.0.0.0 255.255.255.255 means that only the host 0.0.0.0 gets natted.

It could be that this configuration change is all that you need to make, as you didn't provide internal topology information.

0 Helpful

spalislam
Level 1
Level 1
In response to mostiguy

‎05-07-2003 08:44 AM

Thanks for the info.

The nat command I had correct on the firewall. However, I did not have configuration handy as I was typing the questions, so I just wrote it out of my head. Anyhow, the nat statement is not a problem. It is the interfaces and IPs.

I though that PIX can be used as the bridge. OK. then. I also tried to use it as a router on the same subnet and it does not work. What IPs to I need to give to the PIX interfaces.

Here is the layout.

Router

(x.190.200.2 - 255.255.255.0)

|

|

|

PIX Int E0 (x.190.200.254 - 255.255.255.0)

PIX Int E1 (x.190.200.1 - 255.255.255.0)

(This IP can not be entered because it is the same subnet)

|

|

|

(PC with x.190.200.100 - 255.255.255.0 - x.190.200.1)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card