Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
528
Views
3
Helpful
4
Replies

Simple PIX 501 Question

Go to solution
IrisCluses
Level 1
Level 1

‎12-13-2004 08:51 AM - edited ‎02-20-2020 11:48 PM

hi all!

I have a 1400 DSL router behind a DSL modem.

there is a ATM25 link between the modem and router.

all works fine !

Now, i want a pix501...like this :

LAN----PIX----router----modem

I have already a static ip adress (one only).

But,how can i configure this ?

thanks.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Patrick Iseli
Level 7
Level 7
In response to IrisCluses

‎12-14-2004 05:19 AM

The LAN users will be port translated to the PIX outside interface IP and the again Port translated on the IOS Router.

This is the lazy boy configuration!

Another way could be to disable NAT completly on the PIX. Add a route with the LAN Network on the Router with the gatway pointing to the PIX. Then Add a PAT for the LAN network on the Router.

sincerely

Patrick

View solution in original post

0 Helpful
4 Replies 4

Go to solution
nick.chettle
Level 1
Level 1

‎12-13-2004 09:02 AM

Will be a bit of a pain with just one IP.

You'll need to setup NAT on your router and then give the PIX an internal IP from the router.

As everythings been NAT'd you will have to mess around with port forwarding on the router.

Best bet would be to get a range of real IP's and give the PIX one of those so it has unrestricted access to the net.

0 Helpful

Go to solution
Patrick Iseli
Level 7
Level 7
In response to nick.chettle

‎12-14-2004 02:26 AM

Use PAT - Port Address Traslation on the PIX Firewall for all outbound traffic. Do you have inbound http or mail traffic to a WebServer or Mailserver ?

Note: All Public IP NAT/PAT is done on the Router to address 10.0.0.x/24 !!!

Router inside 10.0.0.1/24

PIX outside 10.0.0.254/24

PIX Inside 192.168.1.0/24

example PIX:

ip address outside 10.0.0.254 255.255.255.0

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 1 192.168.1.0 255.255.255.0 0 0

route outside 0.0.0.0 0.0.0.0 10.0.0.1

sincerely

Patrick

Go to solution
IrisCluses
Level 1
Level 1
In response to Patrick Iseli

‎12-14-2004 02:58 AM

thank you very much for your answer !

I don't have (for the moment) inbound http or mail traffic...

this config is ok !!!

but i don't understand the relation with my address IP fixed, like 194.251.63.52 for example.

it is the router who makes the translation of this address towards the pix?

how that does it function?

if i want to setup a vpn connection will be there no problem?

thank you very much

0 Helpful

Go to solution
Patrick Iseli
Level 7
Level 7
In response to IrisCluses

‎12-14-2004 05:19 AM

The LAN users will be port translated to the PIX outside interface IP and the again Port translated on the IOS Router.

This is the lazy boy configuration!

Another way could be to disable NAT completly on the PIX. Add a route with the LAN Network on the Router with the gatway pointing to the PIX. Then Add a PAT for the LAN network on the Router.

sincerely

Patrick

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card