cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
294
Views
0
Helpful
4
Replies

Is that possible ?

lprong
Level 1
Level 1

Hi, i want to config outside Nic ip address difference with outside globle ip address.

for example ,my pix outside interface ip address is 172.16.1.1/30,and pix globle ip add is 61.131.1.1~61.131.1.100, is it possible ?

ip add outside 172.16.1.1 255.255.255.252

nat 1 0 0

globle (outside) 1 61.131.1.1 61.131.1.50

static (inside ,outside) 61.131.1.100 172.16.100.1

4 Replies 4

shannong
Level 4
Level 4

yes. That is possible as long as the router on the outside knows to route packets for those addresses to the Pix.

-S

--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --

Hi,

I'm having problem regarding PIX 501. i want to use it as a gateway for my users to access the internet.

workstation---------------switch-----------firewall----------dslmodem----------------internet

Pls check my current configuration

: Saved

: Written by enable_15 at 11:50:14.727 UTC Tue May 27 2003

PIX Version 6.2(2)

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password xxxxxxxxx encrypted

passwd xxxxxxxxxxxxx encrypted

hostname firewall

domain-name proxy.(ISPNAME).net.ph

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol ils 389

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside nnn.nnx.x 255.255.255.x

ip address inside 192.168.1.x 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

global (ouside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 nnn.nnx.x 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si

p 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

aaa-server LOCAL protocol local

http server enable

http 192.168.1.x 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set xxxxxx esp-3des esp-md5-hmac

crypto map transam 1 ipsec-isakmp

crypto map transam 1 match address 101

crypto map transam 1 set peer xxx.xxx.x.x

crypto map transam 1 set transform-set xxxxxx

crypto map transam interface outside

isakmp enable outside

isakmp key ******** address xxx.xxx.x.x netmask 255.255.255.255

isakmp identity address

isakmp policy 1 authentication pre-share

isakmp policy 1 encryption 3des

isakmp policy 1 hash md5

isakmp policy 1 group 1

isakmp policy 1 lifetime 1000

telnet timeout 5

ssh timeout 5

terminal width 80

Cryptochecksum:edit

Any suggestion is highly appreciated

thanks

Mhel

To your line: global (ouside) 1 interface

should be : global (outside) ... instead.

Ben

Ben,

Sorry that is only a typo error. But other than that, what seems to be the problem?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: