From: john matijevic (john.matijevic@gmail.com)
Date: Wed Jul 19 2006 - 22:07:21 ART
Hello Kay,
Please post your configs.
Sincerely,
John Matijevic
On 7/19/06, Marvin Greenlee <marvingreenlee@yahoo.com> wrote:
>
> (syntax and specifics different for 7.0/later)
>
> Basic PIX needs (beyond power, network connectivity
> and IP addresses):
> 1. Routing
> 2. Translation
> 3. Access List
>
> 1. Does the PIX have routes for the networks that you
> want to translate (Are these directly connected, or
> some distant network?)
>
>
> 2. Translation
>
> Translation is done with either a static, or a
> nat/global pairing. Below are a few short examples.
>
>
> In example A, there are two sets of PAT, overloading
> to interface addresses.
> 1 - traffic from the DMZ interface is translated to
> the global outside address.
> 2 - traffic sourced from the internet and dmz
> interfaces is translated to the inside interface
> address.
>
> *** Begin A ***
> global (outside) 1 interface
> global (inside) 2 interface
> global (dmz) 2 interface
> nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
> nat (internet) 2 0.0.0.0 0.0.0.0 0 0
> *** End A ***
>
> In example B, a static is used to translate the inside
> address 192.168.11.11 to 63.63.63.63 on the outside
> interface.
>
> *** Begin B ***
> static (inside,outside) 63.63.63.63 192.168.11.11 netmask 255.255.255.255 0 0
> *** End B ***
>
> Note: Format of static is (local, global) global local
>
> static (inside, outside) 63.63.63.63 192.168.11.11
> would translate the real device address of
> 192.168.11.11 (on the inside) to the address
> 63.63.63.63 on the outside interface.
>
> static (outside, inside) 192.168.11.11 63.63.63.63
> would translate the real device address of 63.63.63.63
> (on the outside) to 192.168.11.11 on the inside
> interface.
>
> 3. Access list - is the traffic being permitted "in"
> to the interfaces on the PIX?
>
>
> Check out the examples listed below. With the basic
> understanding of the information presented above, the
> first one should be pretty easy to understand.
>
> Cisco - Configuring the PIX Firewall with Mail Server
> Access on Inside Network -
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094466.shtml
>
> Cisco - PIX configuration examples -
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html
>
> --- Kay D <krsna83@gmail.com> wrote:
>
> > Hi,
> > I am using a PIX 515E with ver 6.3 as a
> > replacement for a router.
> > The simple task of allowing any
> > packets from outside to inside interface is not
> > happening :(
> > I tried using access-list abc permit any any and
> > access-group abc;
> > should I add the static(outside,inside) command
> > along with it?
> >
> > Please help me with this; this is the first time I
> > am working on PIX.
> >
> >
> > Kay
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
-- John Matijevic U.S. Installation Group Senior Network Engineer 954-969-7160 ext. 1147 (office) 305-321-6232 (cell)
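The translation and access-list steps from the quoted checklist, as a small Python audit of a PIX 6.3 config (an added example, not part of the original thread or any Cisco tool). The sample config, its SMTP ACL entry and all function names are constructed for illustration; it assumes host statics whose mapped interface is the lower-security side, as in example B.

```python
import ipaddress
import re

# Constructed PIX 6.3 sample: the static is example B from the thread; the
# ACL entry (SMTP to the mapped address) is an assumption for illustration.
SAMPLE = """\
static (inside,outside) 63.63.63.63 192.168.11.11 netmask 255.255.255.255 0 0
access-list abc permit tcp any host 63.63.63.63 eq smtp
access-group abc in interface outside
"""
STATIC_RE = re.compile(r"^static \((\w+),\s*(\w+)\) ([\d.]+) ([\d.]+)", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)

def parse_statics(config):
    """static (real_if,mapped_if) mapped_ip real_ip -> list of dicts."""
    keys = ("real_if", "mapped_if", "mapped_ip", "real_ip")
    return [dict(zip(keys, m)) for m in STATIC_RE.findall(config)]

def take_addr(tok):
    """Consume 'any' | 'host A' | 'A MASK' from tok; return the network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    ip, mask = (tok.pop(0), "255.255.255.255") if first == "host" else (first, tok.pop(0))
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def acl_permits(config, acl, addr):
    """True if a permit entry of acl has a destination covering addr (deny entries and ports ignored)."""
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] != ["access-list", acl, "permit"]:
            continue
        tok = tok[4:]  # drop keyword, name, action and protocol
        try:
            take_addr(tok)  # source address (source ports are not handled)
            if ipaddress.ip_address(addr) in take_addr(tok):
                return True
        except (IndexError, ValueError):
            continue  # entry does not fit permit <protocol> <src> <dst>
    return False

def audit(config):
    """(mapped_ip, mapped_if, acl) per static lacking inbound permission; acl is None if none is bound."""
    bound = {ifc: acl for acl, ifc in GROUP_RE.findall(config)}
    findings = []
    for s in parse_statics(config):
        acl = bound.get(s["mapped_if"])
        if acl is None or not acl_permits(config, acl, s["mapped_ip"]):
            findings.append((s["mapped_ip"], s["mapped_if"], acl))
    return findings
```

An empty list from `audit` means every host static has an ACL applied inbound on its mapped interface with a permit entry covering the mapped (global) address; routing, step 1 of the checklist, is not checked.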
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART