Pix Configuration

thestagman · ‎01-12-2007

Can anyone tell me what the syntax is to configur a Pix to allow clients from 10.10.10.0 to talk to 20.20.20.0 on port 5000. There is no natting on this Pix.

Thanks

royalblues · ‎01-12-2007

Friend

Where are the networks postioned on the firewall -inside, outside or inside, DMZ

Can you post your existing configuration of the PIX

You can have a look at the following link

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/bafwcfg.htm#29374

HTH

Narayan

thestagman · ‎01-12-2007

It does'nt matter as I used them as an example.

Outside = 10.10.10.0

inside = 20.20.20.0

Its a virgin Pix, I understand the rest its just the configuration to allow one network to talk to another with no NAT configured.

sachinraja · ‎01-14-2007

Hello Mike,

you need to configure 2 things here. first static and then access-list... for the access between these servers, u need to do the following:

static (inside,outside) 10.10.10.10 20.20.20.20 netmask 255.255.255.255

access-list outside permit tcp host 10.10.10.10 host 20.20..20.20 eq 5000

access-group outside in interface outside

Do this and let us know if it works.. all the best.. rate replies if found useful..

Raj

Jon Marshall · ‎01-15-2007

Raj

I'm not sure this will work. If the clients are on the outside and addressed as 10.10.10.0/24 and the servers are on the inside addressed as 20.20.20.0/24 then i think you would need

static (inside,outside) 20.20.20.0 20.20.20.0 netmask 255.255.255.0

access-list outside permit tcp 10.10.10.0 255.255.255.0 20.20.20.0 255.255.255.0 eq 5000

access-group outside in interface outside

HTH

sachinraja · ‎01-15-2007

uff.. Jon.. u r right.. i actually misread the question.. i think its wise to go the steps given by you... you can also use a nat 0 for to accomplish this ....

Raj