Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Initial PIX 506 Setup Unsuccessful

Status
Not open for further replies.
hungerf5

hungerf5

IS-IT--Management
Sep 17, 2001
36
US
What is an ideal setup for a PIX 506 with the following network setup:

Router Nortel Baystack 100-S:
Internet IP Address - 206.115.54.X
Internal - 192.168.2.1
Email is nat'ed to a server inside the PIX
I think the router is Nat'ing the external IP

PIX:
Outside- 192.168.2.1
Inside- 192.168.1.1

Network:
IP Range - 192.168.1.2-192.168.1.250
Running DHCP
Default Gateway 192.168.1.1

I tried Cisco's setup for 2 Ports with Nat and it wouldn't work.

The variables I don't understand:

Should the PIX and the Router be running NAT?

How to make a static route in the router?
It asks for a Gateway, an IP address, Bits, Metric
I would supply 192.168.2.1, 192.168.1.1, 24, 1

The Cisco guy had me do a global (outside, inside) 1
this allowed me to ping the router from inside the PIX but that's it. This PATs the outside interface?

What about IP Forwarding on the router? Is it relevant?

My head is spinning at this point....

--Rick


 
Sort by date Sort by votes
HI!

The recommended and most common configuration, is that the router only does routing and not NAT, and the PIX should NAT outbound connections.

For this you need:
* A good planning.
* A block of registered IP addresses (atleast 4) in the same subnet from your ISP. The minimum 4 IP addresses will be used for:
1 - The router inside ethernet interface.
2 - The PIX outside interface.
3 - Address used for PAT for outbound connections.
4 - Address used for STATIC NAT from outside to the mail server.
(This should match the MX record configuration in DNS).
A block of 8 addresses is recommended for future additions like a web server.
* The router should be configured without the NAT, and with an external IP of a different subnet.
* You will need to configure the PIX ofcourse.
If you don't know how - better read the whole manuals and some samples from Cisco, or better aquire some help.
It is not so dificult to configure, but you have to do it right.

Take a look here:

Bye
Yizhar



Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
192
hairlessupportmonkey
hairlessupportmonkey
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
108
xwray
xwray
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
148
brownmab53
brownmab53
quazimotto
  • Locked
  • Question
Correct Upgrade Path for PIX
Replies
7
Views
210
quazimotto
quazimotto
quazimotto
  • Locked
  • Question
Ping thru PIX to subnet inside??!!
Replies
0
Views
88
quazimotto
quazimotto

Part and Inventory Search

Sponsor

Back
Top