06-16-2003 07:24 PM - edited 03-09-2019 03:41 AM
Hi, i want to config outside Nic ip address difference with outside globle ip address.
for example ,my pix outside interface ip address is 172.16.1.1/30,and pix globle ip add is 61.131.1.1~61.131.1.100, is it possible ?
ip add outside 172.16.1.1 255.255.255.252
nat 1 0 0
globle (outside) 1 61.131.1.1 61.131.1.50
static (inside ,outside) 61.131.1.100 172.16.100.1
06-16-2003 07:31 PM
yes. That is possible as long as the router on the outside knows to route packets for those addresses to the Pix.
-S
06-16-2003 07:40 PM
--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --
Hi,
I'm having problem regarding PIX 501. i want to use it as a gateway for my users to access the internet.
workstation---------------switch-----------firewall----------dslmodem----------------internet
Pls check my current configuration
: Saved
: Written by enable_15 at 11:50:14.727 UTC Tue May 27 2003
PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password xxxxxxxxx encrypted
passwd xxxxxxxxxxxxx encrypted
hostname firewall
domain-name proxy.(ISPNAME).net.ph
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.200.0 255.255.255.0
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu outside 1500
mtu inside 1500
ip address outside nnn.nnx.x 255.255.255.x
ip address inside 192.168.1.x 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (ouside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 nnn.nnx.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 si
p 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.1.x 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set xxxxxx esp-3des esp-md5-hmac
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address 101
crypto map transam 1 set peer xxx.xxx.x.x
crypto map transam 1 set transform-set xxxxxx
crypto map transam interface outside
isakmp enable outside
isakmp key ******** address xxx.xxx.x.x netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:edit
Any suggestion is highly appreciated
thanks
Mhel
06-17-2003 04:01 AM
To your line: global (ouside) 1 interface
should be : global (outside) ... instead.
Ben
06-18-2003 04:13 PM
Ben,
Sorry that is only a typo error. But other than that, what seems to be the problem?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: