Protect inside and control outside

 
 
Jeroen
      11-18-2003
Hi Folks,
I need to separate a small part of my LAN; for this I've got myself a
nice PIX 501.
This is what I need:
4 hosts will be behind this PIX. These hosts will need to access a few
PCs in my LAN, as well as the outside world:

4hosts ------- pix501-----my lan-----pix 515---outside

In 'my lan' there are about 100 hosts, but the 4 only need to access a
few of them.
So, I came up with this:


PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list outside_access_in permit icmp any any
access-list inside_access_in permit ip any host 10.0.0.7
access-list inside_access_in permit ip any host 10.0.0.6
access-list inside_access_in permit ip any host 10.0.0.5
access-list inside_access_in permit ip any interface outside
access-list inside_access_in permit ip any host 10.0.0.4
access-list inside_access_in deny ip any 192.168.0.0 255.255.0.0
ip address outside 192.168.20.22 255.255.0.0
ip address inside 10.0.0.1 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0 norandomseq
static (outside,inside) 10.0.0.4 192.168.1.2 netmask 255.255.255.255 0 0 norandomseq
static (outside,inside) 10.0.0.5 192.168.1.4 netmask 255.255.255.255 0 0
static (outside,inside) 10.0.0.6 192.168.1.3 netmask 255.255.255.255 0 0
static (outside,inside) 10.0.0.7 192.168.0.3 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 192.168.0.3 1
route outside 192.168.20.22 255.255.255.255 192.168.0.3 1

So, the hosts they need to see are 192.168.1.4/1.3/1.2, and they see
them as 10.0.0.5/6/4. They can't access any other machine, which is good.

Now, 192.168.0.3 is the default gateway on our LAN (my lan) to the
outside world. I've tried to build that one as default route, but it
won't work. No matter what I do, I can't seem to get it to reach the
internet at all.

Am I going the correct way with this? Or are there easier methods?
What am I doing wrong with the default routes?
Any insights are greatly appreciated!
--
Jeroen
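
Added example, not part of the original post: a first-match walk through the posted inside_access_in list, showing which destinations it permits before the implicit deny that ends every PIX access list. It assumes "interface outside" stands for the outside interface's own address (192.168.20.22); 198.51.100.10 is a constructed stand-in for an Internet host.

```python
import ipaddress

# ACL lines copied from the posted configuration.
ACL = """\
access-list inside_access_in permit ip any host 10.0.0.7
access-list inside_access_in permit ip any host 10.0.0.6
access-list inside_access_in permit ip any host 10.0.0.5
access-list inside_access_in permit ip any interface outside
access-list inside_access_in permit ip any host 10.0.0.4
access-list inside_access_in deny ip any 192.168.0.0 255.255.0.0
"""
# Interface addresses from the posted "ip address" lines.
INTERFACES = {"outside": "192.168.20.22", "inside": "10.0.0.1"}

def parse_dest(tokens):
    """Turn the destination part of an ACL line into an ip_network."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32")
    if tokens[0] == "interface":
        # Assumption: the keyword stands for that interface's own address.
        return ipaddress.ip_network(INTERFACES[tokens[1]] + "/32")
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}")  # address + netmask

def parse_acl(text):
    """Return [(action, dest_network, original_line)] in configured order."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        # Fields: access-list NAME ACTION PROTO SRC DEST...
        # The source is the single token "any" on every posted line.
        rules.append((t[2], parse_dest(t[5:]), line))
    return rules

def evaluate(rules, dest):
    """First match wins; no match falls through to the implicit deny."""
    addr = ipaddress.ip_address(dest)
    for action, net, line in rules:
        if addr in net:
            return action, line
    return "deny", "(implicit deny at end of access-list)"

RULES = parse_acl(ACL)
# Destinations as the inside hosts address them; the last one is constructed.
for d in ("10.0.0.5", "192.168.20.22", "192.168.0.3", "198.51.100.10"):
    print(d, *evaluate(RULES, d), sep=" | ")
```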

