making server accessible from the internet

[wellerw]

HI all,

I am trying to figure out what I need to make my network accessible from the internet. I have read so many different articles that i am becoming majorly confused.

Would someone mind sparing a few minutes to help me out?.
---------------------------------------------------------
The scenario is:

I have two servers on my internal network. These are connected to a switch with all the the client workstations.

My Internet Connection is provided by NTL ADSL, this is connected to a Cisco Pix 501 Firewall which is also connected to my main Switch.

The NTL connection has an IP Address which I can ping from a dial up internet connection (well, I assume it is this box I am pinging).

My PDC has two NIC’s, one of these I have configured with a Static Ip address given to me by NTL, I have name this connection ‘internet’ and the default gateway for this connection is the NTL Connection. The PDC and Workstations are using my Pix Firewall as the default Gateway.

My question is : What do I need to install, or do, to make my Network accessible from the internet? Should I be able to ping my ‘internet’ connection from the internet?

Thanks in Advance.
Now…Where are my Headache tablets?

 

[brontosaurus]

it may be easier if you draw a simple diagram of those hardware components so we can see the "path" to the internet.

 

[wellerw]

ok

Clients
| -------Servers
| |
-------------
- switch -
-------------
|
|
|
---------------
- PIX 501 -
---------------
|
|
|
to internet ---------------
----------------------- NTL ADSL -
---------------

 

[brontosaurus]

OK. how many Public IP's did they give you?

 

[wellerw]

I've been given 4 Ip Addresses. They have given me a Network Address.

 

[brontosaurus]

You'll probably want to set up NAT translation on the PIX then, using the IP of the outside interface which you can make public (so it's actually PAT). Keep all of your inside network "private". So, all of your internal machines would use the PIX internal interface as the default gateway, the PIX would NAT/PAT those IP's as they traverse through it, and send them out the external interface. for internet users to access internal resources, you'll need to set up access lists and static mappings on the PIX for the specific services you want to allow.
And yes, that IP you can ping from the internet at this time is likely your DSL router.

 

[wellerw]

so I need to configure the outside interface of my pix501, should I give it one of my NTL Static ip addresses?

 

[brontosaurus]

yes. and remember that you need to provide the correct mask as well. so , for example, if the ISP gave you 4 IP's, it may be the case that they subnetted a class C range making your mask 255.255.255.252 , but that's just an example, you'd know better than me how they handled it...

 

[wellerw]

ok, yes they gave me a subnet mask.

Thanks a lot for your help, I really appreciate it!.

Now....where's that pix documentation?

 

[brontosaurus]

if you can't find it, go here....

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/index.htm