simple config pix 501

[rrappailles]

They told me to buy a Cisco Pix to make a firewall and a vpn dail-in connection to a Windows Based Terminal server.

I have search 2 day's for a configuration but no luck.
My hardware config is fixed IP address from my ISP (62.x.x.183) a DSL-Modem using NAT (172.16.200.1) a cisco pix (172.16.200.2) outside and an inside ip address 192.168.1.1. My terminal server has Ip address 192.168.1.2

Can anyone help me ???

 

[LoopyLoo]

I had the same problem. I had to change the set up I got from my ISP to be a subnet of 8 addresses. I then created a mapped IP from the outside of the PIX (which now has a realworld IP address) to the terminal server inside.

E.g. - Router - 62.x.x.183
Pix - 62.x.x.184
Internal server - 192.168.1.2
Mapped IP - 62.x.x.185 -> 192.168.1.2

Then make sure your access lists are set up to allow inbound access on the correct ports.

 

[rrappailles]

thanks, but I have only 1 ip number and 1 server.

Has anyone a complete listing of a config thant I have to put in my pix.

Thanks

 

[yizhar]

HI.

The best solution as LoopyLoo wrote is to use a range or registered addresses and disable NAT on the router.

But you can try to configure the router with port forward of TCP 3389 to the pix (either to the pix own interface IP or a different one in the 172.16.200.x subnet), and then configure port forwarding on the pix that will point to the server.
Another similar option is to configure the router to forward any traffic to the pix.

Contact your ISP support about what can be done and how to do it with the cable router.

Take a look here about port forwarding with the pix:
Cisco - Using nat, global, static, conduit, and access-list Commands and Port Redirection on PIX

http://www.cisco.com/warp/public/707/28.html

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar