07-02-2003 07:43 AM - edited 02-20-2020 10:50 PM
I have a 801 router configured to internet, so LAN pc can connect to the internet. Detail IOS is below
This setup is temporary, because now i have to connect a firewall pix 506E behind the router with users accessing the net through firewall.
I think the Eo IP of the router will now change to 213.x.x.b & external IP will now change to 213.x.x.c with BRI0 remaining unchanged i.e. 213.x.x.a. Also now the gateway for the LAN PC will be same i.e. 192.168.1.100 which will now be PIX internal IP.
Though its my first interaction with PIX, I am pasting he final IOS. Related to this if anybody can send the basic configuration to setup the PIX up & running. so that users can connect to the internet behind the firewall
Thanks a Lot
Best regards
shoeb
====================IOS==========================
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname dxb2000
!
enable secret xxxxxx
!
ip subnet-zero
!
no ip domain-lookup
isdn switch-type basic-net3
!
!
!
interface Ethernet0
ip address 192.168.1.100 255.255.255.0
ip nat inside
no cdp enable
!
interface BRI0
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
no cdp enable
ppp authentication pap callin
!
interface Dialer1
description CONNECTION TO INTERNET
ip address 213.x.x.a 255.255.255.248
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string 4004444
dialer persistent
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxxxx password xxxxx
!
ip nat pool nat-pool-0 213.x.x.a 213.x.x.a netmask 255.255.255.248
ip nat inside source list 1 pool nat-pool-0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
banner login ^C RESTRICTED ACCESS ^C
!
line con 0
password xxxxx
login
stopbits 1
line vty 0 4
password xxxxx
login
!
no rcapi server
!
!
end
07-02-2003 09:17 AM
Hi,
Pl. go thru this link -
http://www.cisco.com/warp/public/110/single-net.shtml
If you want to remove nat from the router then you can just directly follow the above link to configure your pix.
Regards,
Mynul
07-03-2003 06:46 AM
1. do i need to remove these natting from the router :
ip nat inside
ip nat outside
ip nat pool nat-pool-0 213.x.x.a 213.x.x.a netmask 255.255.255.248
ip nat inside source list 1 pool nat-pool-0 overload.
2. do i need to change the dialer1 ip to "ip unnumbered e0". i need a public internet ip to connect to the internet. i.e. 213.x.x.a ?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: