connecting pix behind 801

shoebwk
Level 1

I have an 801 router configured for internet access, so the LAN PCs can connect to the internet. The detailed IOS config is below.

This setup is temporary, because now I have to connect a PIX 506E firewall behind the router, with users accessing the net through the firewall.

I think the E0 IP of the router will now change to 213.x.x.b and the external IP will now change to 213.x.x.c, with BRI0 remaining unchanged, i.e. 213.x.x.a. Also, the gateway for the LAN PCs will be the same, i.e. 192.168.1.100, which will now be the PIX internal IP.

Though it's my first interaction with PIX, I am pasting the final IOS. Related to this, if anybody can send the basic configuration to get the PIX up and running, so that users can connect to the internet from behind the firewall.

Thanks a Lot

Best regards

shoeb

====================IOS==========================

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname dxb2000
!
enable secret xxxxxx
!
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
!
!
interface Ethernet0
 ip address 192.168.1.100 255.255.255.0
 ip nat inside
 no cdp enable
!
interface BRI0
 no ip address
 encapsulation ppp
 dialer pool-member 1
 isdn switch-type basic-net3
 no cdp enable
 ppp authentication pap callin
!
interface Dialer1
 description CONNECTION TO INTERNET
 ip address 213.x.x.a 255.255.255.248
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer string 4004444
 dialer persistent
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username xxxxxx password xxxxx
!
ip nat pool nat-pool-0 213.x.x.a 213.x.x.a netmask 255.255.255.248
ip nat inside source list 1 pool nat-pool-0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
banner login ^C RESTRICTED ACCESS ^C
!
line con 0
 password xxxxx
 login
 stopbits 1
line vty 0 4
 password xxxxx
 login
!
no rcapi server
!
!
end

2 Replies

mhoda
Level 5

Hi,

Please go through this link:

http://www.cisco.com/warp/public/110/single-net.shtml

If you want to remove NAT from the router, then you can directly follow the above link to configure your PIX.

Regards,

Mynul

1. Do I need to remove this NAT configuration from the router:

ip nat inside
ip nat outside
ip nat pool nat-pool-0 213.x.x.a 213.x.x.a netmask 255.255.255.248
ip nat inside source list 1 pool nat-pool-0 overload

2. Do I need to change the Dialer1 IP to "ip unnumbered e0"? I need a public internet IP to connect to the internet, i.e. 213.x.x.a?
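
Added example, not part of the thread or of the linked Cisco document: a minimal PIX configuration for the layout described in the first post (PIX inside 192.168.1.100, PIX outside 213.x.x.c, router Ethernet0 213.x.x.b as next hop). PIX OS 6.x syntax, the ethernet0/ethernet1 role assignment and PAT on the outside interface are assumptions; the x.x octets are the poster's own placeholders and must be replaced with the real addresses.

```text
: Constructed example for the addressing in this thread (PIX OS 6.x syntax assumed).
: Assumption: ethernet0 faces the 801 router, ethernet1 faces the LAN.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
: Addresses taken from the first post; x.x are the poster's placeholders.
ip address outside 213.x.x.c 255.255.255.248
ip address inside 192.168.1.100 255.255.255.0
: PAT every LAN host to the outside interface address, so the router
: only ever sees 213.x.x.c as the source of LAN traffic.
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
global (outside) 1 interface
: Default route points at the router's Ethernet0 address.
route outside 0.0.0.0 0.0.0.0 213.x.x.b 1
: No access-list or static is applied to the outside interface, so
: connections initiated from the internet toward the LAN are dropped.
```

With this in place the LAN PCs keep 192.168.1.100 as their gateway; `show xlate` and `show route` on the PIX confirm that translations are being built and that the default route is installed.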
