Pix Configuration Help? [7:60631]

2003-01-08 Thread [EMAIL PROTECTED]
Router Configuration Help.

I am currently using a Cisco 2621 router for my company firewall. Serial 0's
interface (CSU/DSU) is connected to the phone company. Ethernet 0 is
connected to my LAN. I currently use CBAC / ACL's to control access from
Inside/Outside and vice versa.

The phone company has issued me 8 static class A ip addresses, and
instructed me to setup a static route to a class B Address on their side
(point to point connection between my router and their router).

I just purchased a PIX 515E and have some questions about the configuration
behind the 2621. What is the best way to set this up?

How should I set up the static route between the routers now? Should I
create a point to point connection between my PIX and the 2621 using a class
C address. What about Nat'ing my internal addresses to the registered
addresses that have been assigned (Global)?

I know I'm probably missing some information but hopefully we can start there.

Thanks in advance

Help from another below:
-
It would be tons-o-fun to explain all the things you can do but the best
approach should be to go to this website below. It gives some great small to
medium design topologies and configuration examples as well. Best of luck!
start here for all the white papers:
www.cisco.com/go/safe
This white paper best works for your environment
www.cisco.com/en/US/netsol/ns110/ns129/ns131/ns128/networking_solutions_implementation_white_paper09186a008009c8a0.shtml

My Reply:
-
Thanks for the info. I read the whole paper last night, well, most of the 76
pages. Some really good info... I'm still looking for more configuration
scenarios so keep em coming if you got em.

I'm still fuzzy about the NAT configuration using my global address in the
PIX versus keeping the NAT configuration on my 2621.

Should I just use extended access list on the 2621 and move all the NAT
configuration to the PiX box?

Right now I only have a 2621 with CBAC / ACLs between me and the outside
world.

This is what I THINK I should do:
Remove all the NAT pool and static mappings from the 2621. Keep the ip route
statement (forwarding all packets to the S0 interface), the CBAC and some
extended ACLs.
Next:
Change the E0 port (currently connected directly to my internal network used
as the Gateway) on the 2621 from the class B internal LAN address to a
192.168.0.1 255.255.255.254. Configure my PiX E0 (outside) address to
192.168.0.2 255.255.255.254 creating a point to point connection between the
2621 and the PiX. Then configure E1 (inside LAN) on the PiX to a class B
address that I will use as the internal subnet's gateway. Now I will issue
another ip route statement on the PiX to route all 0.0.0.0 0.0.0.0 to
192.168.0.2 (E0)

Now here's where I get fuzzy. What to do now?
Tell the PiX the Global interface is 192.168.02? Assign a pool of the
registered addresses provided by my ISP and NAT all internal class B
addresses. I know there's tons more but any help is good help. Please feel
free to interject (NE1) :)

Thanks again.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60631&t=60631
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Pix Configuration Help? [7:60631]

2003-01-08 Thread Greg Owens
You should let the PIX handle the NATing. Just put the 2600 and the PIX
outside interface in the same switch.
> 
> From: "[EMAIL PROTECTED]" 
> Date: 2003/01/08 Wed PM 01:52:48 EST
> To: [EMAIL PROTECTED]
> Subject: Pix Configuration Help? [7:60631]
> 
> Router Configuration Help.
> 
> I am currently using a Cisco 2621 router for my company firewall. Serial 0's
> interface (CSU/DSU) is connected to the phone company. Ethernet 0 is
> connected to my LAN. I currently use CBAC / ACL's to control access from
> Inside/Outside and vice versa.
> 
> The phone company has issued me 8 static class A ip addresses, and
> instructed me to setup a static route to a class B Address on their side
> (point to point connection between my router and their router).
> 
> I just purchased a PIX 515E and have some questions about the configuration
> behind the 2621. What is the best way to set this up?
> 
> How should I set up the static route between the routers now? Should I
> create a point to point connection between my PIX and the 2621 using a class
> C address. What about Nat'ing my internal addresses to the registered
> addresses that have been assigned (Global)?
> 
> I know I'm probably missing some information but hopefully we can start there.
> 
> Thanks in advance
> 
> Help from another below:
> -
> It would be tons-o-fun to explain all the things you can do but the best
> approach should be to go to this website below. It gives some great small to
> medium design topologies and configuration examples as well. Best of luck!
> start here for all the white papers:
> www.cisco.com/go/safe
> This white paper best works for your environment
> www.cisco.com/en/US/netsol/ns110/ns129/ns131/ns128/networking_solutions_implementation_white_paper09186a008009c8a0.shtml
> 
> My Reply:
> -
> Thanks for the info. I read the whole paper last night, well, most of the 76
> pages. Some really good info... I'm still looking for more configuration
> scenarios so keep em coming if you got em.
> 
> I'm still fuzzy about the NAT configuration using my global address in the
> PIX versus keeping the NAT configuration on my 2621.
> 
> Should I just use extended access list on the 2621 and move all the NAT
> configuration to the PiX box?
> 
> Right now I only have a 2621 with CBAC / ACLs between me and the outside
> world.
> 
> This is what I THINK I should do:
> Remove all the NAT pool and static mappings from the 2621. Keep the ip route
> statement (forwarding all packets to the S0 interface), the CBAC and some
> extended ACLs.
> Next:
> Change the E0 port (currently connected directly to my internal network used
> as the Gateway) on the 2621 from the class B internal LAN address to a
> 192.168.0.1 255.255.255.254. Configure my PiX E0 (outside) address to
> 192.168.0.2 255.255.255.254 creating a point to point connection between the
> 2621 and the PiX. Then configure E1 (inside LAN) on the PiX to a class B
> address that I will use as the internal subnet's gateway. Now I will issue
> another ip route statement on the PiX to route all 0.0.0.0 0.0.0.0 to
> 192.168.0.2 (E0)
> 
> Now here's where I get fuzzy. What to do now?
> Tell the PiX the Global interface is 192.168.02? Assign a pool of the
> registered addresses provided by my ISP and NAT all internal class B
> addresses. I know there's tons more but any help is good help. Please feel
> free to interject (NE1) :)
> 
> Thanks again.
Greg Owens
202-398-2552




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60636&t=60631
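
The layout suggested in the reply above, with the PIX doing all address translation, sketched as an added example that is not part of either post. It assumes PIX OS 6.x and classic IOS syntax; the 192.168.0.1 and 192.168.0.2 link addresses come from the thread, while the /30 link mask, the interface names, the 198.51.100.0/29 registered block, the 172.16.0.0/16 inside network and the published mail server are constructed placeholders.

```text
! ---- 2621 (IOS): routing and filtering only, NAT removed ----
! Interface names are assumed; use the ones on the actual router.
interface FastEthernet0/0
 description Link to PIX outside interface
 ip address 192.168.0.1 255.255.255.252
 no ip nat inside
!
interface Serial0/0
 description Link to provider
 no ip nat outside
!
! The existing default route toward the provider stays unchanged.
! The registered block now lives behind the PIX, so route it there.
ip route 198.51.100.0 255.255.255.248 192.168.0.2
!
! ACLs applied inbound on FastEthernet0/0 that matched private source
! addresses must be rewritten: traffic arriving from the PIX is already
! translated and carries 198.51.100.x source addresses.

! ---- PIX 515E (PIX OS 6.x) ----
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 192.168.0.2 255.255.255.252
ip address inside 172.16.0.1 255.255.0.0
!
! Default route points at the router's end of the link.
route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
!
! Outbound: dynamic NAT from a small pool, then PAT on one more address
! when the pool is exhausted.
nat (inside) 1 172.16.0.0 255.255.0.0
global (outside) 1 198.51.100.2-198.51.100.4 netmask 255.255.255.248
global (outside) 1 198.51.100.5
!
! Inbound: one static translation per published host, and an explicit
! permit for only the service that host offers. Everything else from
! outside is dropped by the implicit deny.
static (inside,outside) 198.51.100.6 172.16.0.25 netmask 255.255.255.255 0 0
access-list outside_in permit tcp any host 198.51.100.6 eq smtp
access-group outside_in in interface outside
```

Because the link between the two devices uses private addressing, the static route on the 2621 is what makes the registered addresses reachable; without it, return traffic for translated sessions never reaches the PIX.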