Velocity Reviews


Sami 05-19-2005 04:30 AM

PIX PDM newbie
 
Hi,

We are upgrading our FW (Nokia IP530) to a Cisco PIX 515 with graphic PDM
(3.0). Since I don't have any experience of Cisco firewalls I'd like to ask
a couple of questions.

In Nokia IP530 if we wanted to permit IP traffic, i.e. from external (outside)
host 10.20.30.40 to an internal (inside) host 10.30.40.50 all we had to do
was make one rule permitting traffic from inside to outside and another rule
to permit traffic from outside to inside.

Now with this PIX it seems that the configuration is not that simple...it
seems like we have to define NAT also. Is it possible to permit the traffic
without using NAT?

If NAT must be used how do we have to configure the PIX?

Thanks in advance

-Sami R



Brian 05-19-2005 09:48 AM

Re: PIX PDM newbie
 
You must have either NAT or a static command configured. If you are
using public IPs behind the firewall, then you can use a static command
instead of NAT.
I.E. static (inside,outside) 10.30.40.0 10.30.40.0 netmask
255.255.255.0 0 0

That will allow traffic to flow from the inside out. After that, you
will configure the PIX to accept traffic from the external host as you
described.
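
The two steps described in this reply, written out as PIX 6.x CLI for the hosts in the original question (an added example, not part of any poster's message). The ACL name `outside_in` and the TCP port in the narrower alternative are assumptions for illustration.

```cisco
: Step 1 - identity ("network") static from the thread: the inside network
: 10.30.40.0/24 appears on the outside with its own addresses.
: The trailing "0 0" leaves the connection limits unlimited.
static (inside,outside) 10.30.40.0 10.30.40.0 netmask 255.255.255.0 0 0

: Step 2 - traffic from the outside (lower security) interface is dropped
: until an ACL bound to that interface permits it.
: "outside_in" is a hypothetical ACL name.
access-list outside_in permit ip host 10.20.30.40 host 10.30.40.50
access-group outside_in in interface outside

: Narrower alternative to "permit ip" when only one service is needed
: (TCP 443 is an assumed service, not from the thread):
: access-list outside_in permit tcp host 10.20.30.40 host 10.30.40.50 eq 443

: Verify the translation and watch the ACL hit counters
show static
show xlate
show access-list outside_in
```

The static only creates the translation; the ACL decides which outside hosts may use it, so without step 2 the network static exposes nothing inbound. Because the static covers the whole /24, every host in 10.30.40.0/24 becomes reachable by any rule later added to the outside ACL, which is a reason to keep those entries host-specific.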


Sami 05-19-2005 11:23 AM

Re: PIX PDM newbie
 

"Brian" <brian.dickerson@gmail.com> wrote in message
news:1116496090.335202.54060@g49g2000cwa.googlegroups.com...
> You must have either NAT or a static command configured. If you are
> using public IPs behind the firewall, then you can use a static command
> instead of NAT.
> I.E. static (inside,outside) 10.30.40.0 10.30.40.0 netmask
> 255.255.255.0 0 0
>
> That will allow traffic to flow from the inside out. After that, you
> will configure the PIX to accept traffic from the external host as you
> described.


Is there any global command to make all the external addresses static
without having to enter the static (inside,outside)... to every external
host?

Is this "static" = static NAT?

-Sami



TC 05-19-2005 11:45 AM

Re: PIX PDM newbie
 
The command Brian posted will make all inside hosts appear on the outside
with their own addresses:

static (inside,outside) 10.30.40.0 10.30.40.0 netmask 255.255.255.0 0 0

This is called a network static.

/TC

"Sami" <sami.a.rasanen@sikanautaa.kolumbus.fi> wrote in message
news:FG_ie.2377$g4.40041@news2.nokia.com...
>
> "Brian" <brian.dickerson@gmail.com> wrote in message
> news:1116496090.335202.54060@g49g2000cwa.googlegroups.com...
>> You must have either NAT or a static command configured. If you are
>> using public IPs behind the firewall, then you can use a static command
>> instead of NAT.
>> I.E. static (inside,outside) 10.30.40.0 10.30.40.0 netmask
>> 255.255.255.0 0 0
>>
>> That will allow traffic to flow from the inside out. After that, you
>> will configure the PIX to accept traffic from the external host as you
>> described.

>
> Is there any global command to make all the external addresses static
> without having to enter the static (inside,outside)... to every external
> host?
>
> Is this "static" = static NAT?
>
> -Sami
>
>




Gerd EMail 05-19-2005 12:46 PM

Re: PIX PDM newbie
 
Sami wrote:
> "Brian" <brian.dickerson@gmail.com> wrote in message
> news:1116496090.335202.54060@g49g2000cwa.googlegroups.com...
>
>>You must have either NAT or a static command configured. If you are
>>using public IPs behind the firewall, then you can use a static command
>>instead of NAT.
>>I.E. static (inside,outside) 10.30.40.0 10.30.40.0 netmask
>>255.255.255.0 0 0
>>
>>That will allow traffic to flow from the inside out. After that, you
>>will configure the PIX to accept traffic from the external host as you
>>described.

>
>
> Is there any global command to make all the external addresses static
> without having to enter the static (inside,outside)... to every external
> host?
>
> Is this "static" = static NAT?

correct
>
> -Sami
>
>


Sami 05-19-2005 01:00 PM

Re: PIX PDM newbie
 

"TC" <tc@gotanet.nospamplease.se> wrote in message
news:d6huas$i1p$1@zebra1.gotanet.se...
> The command Brian posted will make all inside hosts appear on the outside
> with their own addresses:
>
> static (inside,outside) 10.30.40.0 10.30.40.0 netmask 255.255.255.0 0 0
>
> This is called a network static.
>
> /TC
>

Ok, thanks to everyone...now if I manage to do this in GUI...

-Sami



