Cisco PIX 501 Lab review 1

[Phantom309]

I've put together a PIX 501 Lab and would like some opinions on it's validity. The lab is designed to configure a PIX 501 with the 6 basic commands and allow ICMP to travel from point host A to Server B to test the configuration. I've tested the lab and it seems to work fine but it maybe missing something.

Any constructive input would be greatly appreciated. This is part of a capstone project for my BS degree in networking. This lab is the first in a series that I'll use to create a video training course for configuring the PIX 501 to complete my degree requirements.

http://www.clkcomputer.com/pix_labs/pix501_lab1.pdf

Thanks in advance.

Phantom309

 

[dopehead]

Looks nice, i like your step-by-step explanation and approach to configuring. One thing that i noticed is that you are using a pool of addresses, just keep in mind when using a pool with more than one address, you will not be using pat and as such, not many pc's will be able to communicate at once.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec

 

[Phantom309]

Thanks Dopehead,

Could you elaberate just a little by saying how you would change the NAT address pool command syntax to use PAT instead of what is written? Thanks.

Phantom309

 

[dopehead]

Well, if this config is supposed to support more simultaneous users than the ip addresses you have defined in your global statement, the pix needs to utilize Port address translation, ie nat'ing based on src addr/dest addr and src port/dst port instead, this will support many more users. Command would just be "global (outside) x x.x.x.x" instead , the pix will interpret this as that it is supposed to PAT and not dynamically one-to-one nat the hosts behind the pix.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec

 

[lgarner]

The Pix will use the last global address for PAT.

 

[dopehead]

Since what version ? i have always had problems with session count when using a pool.

Jan


Network Systems Engineer
CCNA/CQS/CCSP/Infosec