Re: Pix 501 and Local Network Router (No VPN Needed)



Hi,

If you are putting a router in between the PCs and the PIX then the inside
interface of the PIX would have to be on a different subnet from the PCs.
Assuming you have done this - as the router wouldn't let you configure
overlapping addresses on its interfaces - then you just need to add a route
onto the PIX to say that the PC subnet is via the router's interface...

In this example I have used 192.168.2.0 /24 for the PC LAN and 192.168.1.254
for your router's interface:

route inside 192.168.2.0 255.255.255.0 192.168.1.254


Regards,

Martin


"Xlat" <Xlat_999NOSPAMMING@xxxxxxxxxxx> wrote in message
news:ausnc19j7h9q5mjok19gq57fh6npcg40ec@xxxxxxxxxx
> Ok.. I have set up a 501 Pix, with a BEFSR81 Router. (sorta...)
>
> I have the pix set up to where I can get out to the internet using the
> 4-ports on it , but...
>
> I want to add the router between the pix and the pc systems for the
> internet. No go. I have worked with the router, and the pix, tried a
> couple examples (trying to remove what is related to vpn to another
> location in most examples).
>
> End goal, is to have the computers connected to the router, the router
> to the pix. I've erased and started over and over and over...
> Missing something(s) really stupid I'm sure, but anyway, for now, here
> is a pretty plain Jane config that I went back to and at least does
> get the pix ports out to the net. Now what do I need to do in order to
> get the router in-between systems and pix?
>
> I don't care about VPN at all right now, but I think I will use it
> down the road. A solution that won't compromise future VPN use
> would be great... Thanks.
>
> PIX Version 6.3(4)
> interface ethernet0 auto
> interface ethernet1 100full
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> enable password 8Ry2YjIyt7RRXU24 encrypted
> passwd 2KFQnbNIdI.2KYOU encrypted
> hostname pixfirewall
> domain-name ciscopix.com
> fixup protocol dns maximum-length 512
> fixup protocol ftp 21
> fixup protocol h323 h225 1720
> fixup protocol h323 ras 1718-1719
> fixup protocol http 80
> fixup protocol rsh 514
> fixup protocol rtsp 554
> fixup protocol sip 5060
> fixup protocol sip udp 5060
> fixup protocol skinny 2000
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol tftp 69
> names
> access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
> pager lines 24
> mtu outside 1500
> mtu inside 1500
> ip address outside dhcp setroute
> ip address inside 192.168.1.1 255.255.255.0
> ip audit info action alarm
> ip audit attack action alarm
> pdm logging informational 100
> pdm history enable
> arp timeout 14400
> global (outside) 1 interface
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> timeout xlate 0:05:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
> timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server TACACS+ max-failed-attempts 3
> aaa-server TACACS+ deadtime 10
> aaa-server RADIUS protocol radius
> aaa-server RADIUS max-failed-attempts 3
> aaa-server RADIUS deadtime 10
> aaa-server LOCAL protocol local
> http server enable
> http 192.168.1.0 255.255.255.0 inside
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> dhcpd address 192.168.1.2-192.168.1.33 inside
> dhcpd lease 3600
> dhcpd ping_timeout 750
> dhcpd auto_config outside
> dhcpd enable inside
> terminal width 80
> Cryptochecksum:379883bdc3d87da9377c5684862ff02f
> : end
>
>
>
> Remove the nospam from my address to email me!!
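
A sanity check for the change described in the reply, as an added example that is not part of either post: it reads the relevant lines of a PIX 6.x config and reports why a PC subnet behind an inside router would not pass traffic (overlap with the inside subnet, no covering route, next hop off the inside subnet, no matching nat rule). The function names and the trimmed sample config are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the relevant lines of the quoted PIX 6.3 config,
# plus the static route suggested in the reply.
SAMPLE_CONFIG = """\
nameif ethernet1 inside security100
ip address outside dhcp setroute
ip address inside 192.168.1.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route inside 192.168.2.0 255.255.255.0 192.168.1.254
"""

def _net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_pix(config):
    """Collect static interface subnets, static routes and nat source ranges."""
    connected, routes, nat = {}, [], {}
    for line in config.splitlines():
        f = line.split()
        if f[:2] == ["ip", "address"] and len(f) == 5 and f[3] != "dhcp":
            connected[f[2]] = _net(f[3], f[4])
        elif f[:1] == ["route"] and len(f) >= 5:
            routes.append((f[1], _net(f[2], f[3]), ipaddress.ip_address(f[4])))
        elif f[:1] == ["nat"] and len(f) >= 5 and f[3][0].isdigit():
            nat.setdefault(f[1].strip("()"), []).append(_net(f[3], f[4]))
    return connected, routes, nat

def check_lan(config, lan, iface="inside"):
    """Return the problems that would stop `lan` from working behind `iface`."""
    lan = ipaddress.ip_network(lan)
    connected, routes, nat = parse_pix(config)
    local = connected.get(iface)
    if local is None:
        return [f"no static address on {iface}"]
    problems = []
    if lan.overlaps(local):
        problems.append(f"{lan} overlaps the PIX {iface} subnet {local}")
    match = [r for r in routes if r[0] == iface and lan.subnet_of(r[1])]
    if not match:
        problems.append(f"no 'route {iface}' covering {lan}: the PIX has no path back to it")
    for _, _, hop in match:
        if hop not in local:
            problems.append(f"next hop {hop} is not on {local}")
    if not any(lan.subnet_of(n) for n in nat.get(iface, [])):
        problems.append(f"no nat ({iface}) rule matches {lan}")
    return problems

if __name__ == "__main__":
    print(check_lan(SAMPLE_CONFIG, "192.168.2.0/24") or "ok")
```

An empty list means the PC subnet is distinct from the inside subnet, routed via a next hop the PIX can reach directly, and still matched by the existing `nat (inside) 1 0.0.0.0 0.0.0.0` rule.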

