PIX Help [7:64634]
I have a PIX 506 with two interfaces. The PIX is only used between two private network segments for some political reason. Here is the description:

The PIX outside interface is on the 198.199.199.0 network and the PIX outside interface address is 198.199.199.1, connected to a Catalyst switch. The PIX inside interface is on the 172.16.17.0 network and the inside interface address is 172.16.17.2, connected to another Catalyst switch. The internal router is also connected to the Catalyst switch and the IP address of the router is 172.16.17.1.

I have configured the access-list to allow outside hosts to access traffic on the inside network. In order for traffic to go through between the PIX and the internal router, I asked the customer to build a static route on the router such as

    ip route 198.199.199.0 255.255.255.0 172.16.17.2

but instead they want to do NAT to translate the outside address to the inside address. For some political reason, they can't build the route into the router.

Is address translation possible between two private segments? I don't think it is possible, and my reasons are: if I use any fake segment such as 192.168.1.0, just to translate the customer's outside network to an inside address, then I will have to put my PIX's outside address on this fake segment. The outside hosts' default gateway will still be pointing at the 198.199.199.1 address, and since there is no router between the PIX's outside network and the Catalyst switch, the traffic from the hosts will not be able to reach the PIX.

Is there any other solution to provide connectivity between the PIX outside network and the internal router without installing a route into the internal router?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64634t=64634
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Firewall/PIX help.... [7:63167]
I think you're better off just setting up something like Snort as an IDS; I know you want it all integrated. The IDS on the PIX, though not totally worthless, I have not found much use for it, and with only 59 signatures, well, it is sort of half-baked in my opinion.

-----Original Message-----
From: Thomas Larus [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 9:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Firewall/PIX help [7:63167]

Sonic Wall Firewalls can do some content filtering and there is an antivirus option you can get. No IDS, though. Pix has a rudimentary IDS, as has been stated. It has 59 signatures or so.

Tom Larus

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63360t=63167
Re: Firewall/PIX help.... [7:63167]
PIX does not have antivirus, IDS, or content filtering built in. I don't think I know of any hardware-based firewalls that do. You may have to look into a software-based solution. Maybe Computer Associates or Symantec make such a suite.

Gunjan Mathur wrote in message news:[EMAIL PROTECTED]...
> Hi, I'm looking for a firewall solution for my company. We have two WAN
> connections and currently my users are connected thru two proxy m/c to
> the Internet. Which PIX model would serve the needs? I also need content
> filtering, intrusion detection and anti-virus protection on the firewall
> itself. Are all these things possible on PIX? TIA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63280t=63167
RE: Firewall/PIX help.... [7:63167]
The PIX does have IDS capabilities, but very rudimentary. No anti-virus or content filtering.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63296t=63167
RE: Firewall/PIX help.... [7:63167]
I thought the PIX can do content filtering if hooked up with Websense? Doesn't it use WCCP to do this? SonicWall says it can do inbuilt anti-virus, content filtering. But it looks like it's a subscription-based service, so it's not really your firewall doing these functions.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 19, 2003 8:42 AM
To: [EMAIL PROTECTED]
Subject: RE: Firewall/PIX help [7:63167]

The PIX does have IDS capabilities, but very rudimentary. No anti-virus or content filtering.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63306t=63167
Re: Firewall/PIX help.... [7:63167]
Sonic Wall Firewalls can do some content filtering and there is an antivirus option you can get. No IDS, though. Pix has a rudimentary IDS, as has been stated. It has 59 signatures or so.

Tom Larus

Gunjan Mathur wrote in message news:[EMAIL PROTECTED]...
> Hi, I'm looking for a firewall solution for my company. We have two WAN
> connections and currently my users are connected thru two proxy m/c to
> the Internet. Which PIX model would serve the needs? I also need content
> filtering, intrusion detection and anti-virus protection on the firewall
> itself. Are all these things possible on PIX? TIA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63308t=63167
Firewall/PIX help.... [7:63167]
Hi, I'm looking for a firewall solution for my company. We have two WAN connections and currently my users are connected thru two proxy m/c to the Internet. Which PIX model would serve the needs? I also need content filtering, intrusion detection and anti-virus protection on the firewall itself. Are all these things possible on PIX? TIA

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63167t=63167
PIX HELP ----SECURITY
We have a DNS server with the conduit below open; however, someone used our DNS server to do ftp...

    conduit permit udp host x.x.1.42 eq domain any

I am relatively new to PIX. I have concerns regarding our security and am in the process of learning and cleaning some conduits in my config. According to the PIX documentation, the commands below offer additional security. Is it a good idea to enable these commands, and would they provide an extra level of security? What's the tradeoff of enabling them?

    no sysopt security fragguard
    no sysopt connection enforcesubnet
    no sysopt connection timewait
    sysopt connection tcpmss 1460

Are there other commands that could help to tweak up security on a general...

Mo Durrani
IST WYSE\EDS
phone:408-473 1246
[EMAIL PROTECTED] [EMAIL PROTECTED]
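An added example, not part of the original post and not Cisco tooling: a small Python model of `conduit` matching that can be run over a saved config while cleaning conduits, to see which line (if any) admits a given inbound flow and which permits expose every port to `any`. It assumes first-match evaluation in config order with an implicit deny, and handles only the `any` / `host A` / `A MASK` address forms and `eq` ports; the 192.0.2.x lines and the 203.0.113.9 source are constructed sample data, the 45.33.20.5 lines are quoted from the "PIX Help" post on this page.

```python
import ipaddress
from collections import namedtuple

# Constructed sample config. The static and the first two conduits are the
# ones quoted in the "PIX Help" post; the 192.0.2.x lines are made up.
SAMPLE_CONFIG = """\
static (inside, outside) 45.33.20.5 10.1.1.5
conduit permit icmp host 45.33.20.5 any
conduit permit tcp host 45.33.20.5 eq www any
conduit permit udp host 192.0.2.42 eq domain any
conduit permit ip host 192.0.2.50 any
"""

# Subset of PIX port literals, enough for this sample.
PORT_NAMES = {"www": 80, "domain": 53, "ftp": 21, "smtp": 25, "telnet": 23}
ANY = ipaddress.ip_network("0.0.0.0/0")

Conduit = namedtuple("Conduit", "action proto glob gport foreign line")


def take_addr(tok):
    """Consume an address spec from the token list: any | host A | A MASK."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")


def take_port(tok):
    """Consume an optional 'eq PORT'; None means every port."""
    if tok and tok[0] == "eq":
        tok.pop(0)
        name = tok.pop(0)
        return int(name) if name.isdigit() else PORT_NAMES[name]
    return None


def parse_conduits(config):
    """Return the conduit lines of a config as Conduit tuples, in order."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "conduit":
            continue  # static, nat, global, sysopt ... are not modelled here
        rest = tok[3:]
        glob = take_addr(rest)      # translated (global) address being exposed
        gport = take_port(rest)     # service on that address
        foreign = take_addr(rest)   # who may connect from outside
        rules.append(Conduit(tok[1], tok[2], glob, gport, foreign, line.strip()))
    return rules


def first_match(rules, proto, dst, dport, src):
    """First conduit matching an inbound packet, or None (assumed model)."""
    dst_ip, src_ip = ipaddress.ip_address(dst), ipaddress.ip_address(src)
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if dst_ip not in r.glob or src_ip not in r.foreign:
            continue
        if r.gport is not None and r.gport != dport:
            continue
        return r
    return None


def verdict(rules, proto, dst, dport, src):
    """'permit' or 'deny'; no matching conduit means the packet is denied."""
    r = first_match(rules, proto, dst, dport, src)
    return r.action if r else "deny"


def too_broad(rules):
    """Permit lines that open every port of a global address to any source."""
    return [r.line for r in rules
            if r.action == "permit" and r.foreign == ANY
            and r.proto in ("ip", "tcp", "udp") and r.gport is None]


if __name__ == "__main__":
    rules = parse_conduits(SAMPLE_CONFIG)
    # Is FTP control traffic to the DNS host admitted by any conduit?
    print(verdict(rules, "tcp", "192.0.2.42", 21, "203.0.113.9"))
    for line in too_broad(rules):
        print("review:", line)
```

In this model a UDP `eq domain` conduit never matches a TCP port 21 packet, so when an unexpected service is reachable the thing to look for is a different, broader line, which is what `too_broad` lists.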
Re: PIX Help
--- Austin [EMAIL PROTECTED] wrote:
> I am using a static mapping on the PIX for an inside illegal address to an
> outside legal address. I want to allow the inside machine to be pinged from
> the outside as well as allow http traffic to that machine. Let's say the
> inside address is 10.1.1.5 and the internet legal address is 45.33.20.5.
> This is what I did:
>
>     static (inside, outside) 45.33.20.5 10.1.1.5
>     conduit permit icmp host 45.33.20.5 any
>     conduit permit tcp host 45.33.20.5 eq www any
>
> I cannot ping the inside machine from the internet with this config.
> Please help. Thanks.

What are your global commands? Do a show global and send them in.

Also, whenever making changes, do a write mem and then clear xlate.

Rgds
Ben

=
Ben Lovegrove, CCNP (+ Security)
Redspan Solutions Ltd
http://www.redspan.com
http://www.bensbookmarks.com
Cisco: Products, Training, Jobs, Study Guides, Resources.
PIX Help
I am using a static mapping on the PIX for an inside illegal address to an outside legal address. I want to allow the inside machine to be pinged from the outside as well as allow http traffic to that machine. Let's say the inside address is 10.1.1.5 and the internet legal address is 45.33.20.5. This is what I did:

    static (inside, outside) 45.33.20.5 10.1.1.5
    conduit permit icmp host 45.33.20.5 any
    conduit permit tcp host 45.33.20.5 eq www any

I cannot ping the inside machine from the internet with this config. Please help. Thanks.
RE: PIX Help
Make sure the translation is in the xlate table (sh xlate). If not, ping out from the inside host, then check it again.

Todd

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Austin
Sent: Thursday, November 09, 2000 12:50 PM
To: [EMAIL PROTECTED]
Subject: PIX Help

I am using a static mapping on the PIX for an inside illegal address to an outside legal address. I want to allow the inside machine to be pinged from the outside as well as allow http traffic to that machine. Let's say the inside address is 10.1.1.5 and the internet legal address is 45.33.20.5. This is what I did:

    static (inside, outside) 45.33.20.5 10.1.1.5
    conduit permit icmp host 45.33.20.5 any
    conduit permit tcp host 45.33.20.5 eq www any

I cannot ping the inside machine from the internet with this config. Please help. Thanks.
Re: PIX Help
Not working .. it is translated ...

"Plambeck, Todd" [EMAIL PROTECTED] wrote in message news:616662531243D411887000805F65999503C341@HTSCORPPDC...
> Make sure the translation is in the xlate table (sh xlate). If not, ping
> out from the inside host, then check it again.
>
> Todd
RE: PIX Help
Also check your "outbound" statements. The default is to allow all traffic from inside. It can be configured to deny all traffic as follows:

    outbound 1 deny 0.0.0.0 0.0.0.0 1-65535 udp
    outbound 1 deny 0.0.0.0 0.0.0.0 1-65535 tcp

Then permit statements open up only the desired flows. If your config is similar, then make sure that your host is allowed to reply.

-----Original Message-----
From: Austin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 09, 2000 2:55 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX Help

Not working .. it is translated ...
Re: PIX Help
How do I make sure my host is allowed to reply? Is there a config that I need to put on the PIX? I do want all traffic from the inside going out. Thanks.

"Daniel Cotts" [EMAIL PROTECTED] wrote in message news:303479FA060CD211B893F805A88AA10C61@EXCHANGE1...
> Also check your "outbound" statements. The default is to allow all traffic
> from inside. It can be configured to deny all traffic as follows:
>
>     outbound 1 deny 0.0.0.0 0.0.0.0 1-65535 udp
>     outbound 1 deny 0.0.0.0 0.0.0.0 1-65535 tcp
>
> Then permit statements open up only the desired flows. If your config is
> similar, then make sure that your host is allowed to reply.
RE: PIX Help
By default all outbound traffic is allowed unless specifically denied. My first post assumed that someone else may have configured the PIX and that it might be denying traffic. To verify if that might be true I showed how it could be done. If you are the only person configuring that PIX then you don't need to worry about the point that I made.

Do you have any other PCs behind the PIX that are using static translations and are working? Is there an internal router? Can internal users access your server?

-----Original Message-----
From: Austin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 09, 2000 3:57 PM
To: [EMAIL PROTECTED]
Subject: Re: PIX Help

How do I make sure my host is allowed to reply? Is there a config that I need to put on the PIX? I do want all traffic from the inside going out. Thanks.
Re: urgent PIX help AGAIN
Thank you! One more question: when I configure the PIX as a DHCP server, it only allows 10 addresses in the pool. Here is what I got:

    pixfirewall(config)# dhcpd address 10.1.1.101-10.1.1.150 inside
    Number of addresses exceeds limit

Is 10 max? Thanks in advance.

Jim

--- Todd Plambeck [EMAIL PROTECTED] wrote:
> In the new version of PIX software 5.2(1) you can nat to an interface.
> Instead of the old command "global (outside) 1 x.x.x.x" use the command
> "global (outside) 1 interface". You can read up on this new feature at:
> http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/pixrn522.htm#xtocid752631
> I hope this helps.
>
> Todd
> CCNP/CCDP

**NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: urgent PIX help AGAIN
I just installed a PIX-506 and 10 was the max. I believe, though am not certain, this is the case across all hardware platforms running 5.2 software.

HTH
Greg

"Jim Bond" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> Thank you! One more question: when I configure the PIX as a DHCP server,
> it only allows 10 addresses in the pool. Here is what I got:
>
>     pixfirewall(config)# dhcpd address 10.1.1.101-10.1.1.150 inside
>     Number of addresses exceeds limit
>
> Is 10 max? Thanks in advance.
>
> Jim
Re: urgent PIX help AGAIN
YES. PIX506 is made for a small office with less than 10 computers. If you have more, keep DHCP services on your NT or Novell server.

Sam

> Thank you! One more question: when I configure the PIX as a DHCP server,
> it only allows 10 addresses in the pool. Here is what I got:
>
>     pixfirewall(config)# dhcpd address 10.1.1.101-10.1.1.150 inside
>     Number of addresses exceeds limit
>
> Is 10 max? Thanks in advance.
>
> Jim

To unsubscribe from the CCIELAB list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe ccielab
RE: urgent PIX help AGAIN
> One more question: when I configure the PIX as a DHCP server, it only
> allows 10 addresses in the pool. Is 10 max?

Yes, 10 is max. It's in the command reference. The PIX wasn't meant to be a large-scale DHCP server. It's a firewall, and if you need extensive DHCP server capabilities, you should run that on another platform.

-A
--
Heroes: Vint Cerf, Bob Kahn, Leonard Kleinrock, Robert Metcalfe
Links : http://www.hojmark.org/networking/
Re: urgent PIX help
Not that I'm aware of. I thought you need (2) IPs to do NAT on a PIX (one for the external interface, and one for the NAT statement). I could be wrong... (it's happened before, once or twice! :)

-Brad Ellis
CCIE#5796
[EMAIL PROTECTED]
used cisco hardware: www.optsys.net
cisco certification newsgroup: news://news.optsys.net/cisco.certification

"Jim Bond" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> Hello, I have only 1 IP address assigned by my ISP. How can I use the PIX
> to do NAT? Looks like the PIX requires at least 2 outside IP addresses,
> one for the outside interface, one for PAT. Is there a way to use only
> 1 IP address? Thanks in advance.
>
> Jim
Re: urgent PIX help
In the new version of PIX software 5.2(1) you can nat to an interface. Instead of the old command "global (outside) 1 x.x.x.x" use the command "global (outside) 1 interface". You can read up on this new feature at:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/pixrn522.htm#xtocid752631

I hope this helps.

Todd
CCNP/CCDP

Jim Bond wrote:
> Hello, I have only 1 IP address assigned by my ISP. How can I use the PIX
> to do NAT? Looks like the PIX requires at least 2 outside IP addresses,
> one for the outside interface, one for PAT. Is there a way to use only
> 1 IP address? Thanks in advance.
>
> Jim
Re: urgent PIX help
PIX 5.21 code is out now. It supports hiding behind the interface IP address.

Sam

> Hello, I have only 1 IP address assigned by my ISP. How can I use the PIX
> to do NAT? Looks like the PIX requires at least 2 outside IP addresses,
> one for the outside interface, one for PAT. Is there a way to use only
> 1 IP address? Thanks in advance.
>
> Jim
RE: urgent PIX help
> I have only 1 IP address assigned by my ISP. How can I use the PIX to do
> NAT? Looks like the PIX requires at least 2 outside IP addresses, one for
> the outside interface, one for PAT. Is there a way to use only 1 IP
> address?

PIX software 5.2(1) allows you to do this, sort of like the IOS 'overload' parameter to the 'ip nat' command. Try this:

    nat (inside) 1 0 0
    global (outside) 1 interface

HTH,
-A
--
Heroes: Vint Cerf, Bob Kahn, Leonard Kleinrock, Robert Metcalfe
Links : http://www.hojmark.org/networking/
urgent PIX help
Hello, I have only 1 IP address assigned by my ISP. How can I use the PIX to do NAT? Looks like the PIX requires at least 2 outside IP addresses, one for the outside interface, one for PAT. Is there a way to use only 1 IP address? Thanks in advance.

Jim