PIX 515E Configuration Help...

 
 
jsandlin0803
 
      12-10-2005
Hey,
I need help setting up my PIX 515E. I have installed ASDM and can get
into the config. I need help with either routing or NAT, or both.

I have 2 LANs and a Cisco router connected. I need to know how to pass
all internet traffic from each LAN to the router for internet access. I
have not set any NAT pools or static routes, because I am unsure
how to do this.

The lan and wan specs are below


lan1: 192.168.0.0/24
lan2: 192.168.1.0/24
internet nic: 162.40.148.2 (cisco router is 162.40.148.1)


Please help with getting these on the Internet. Also, I will have remote
users, but the wizard should take care of that.


Thanks in advance


Jason S.

 
 
 
 
 
DoubleD4
 
      12-10-2005
I'm assuming that your setup looks something like the following.
Correct me if it does not. Bear in mind that the PIX will not route
traffic back out the same interface that it came in on like other
devices will.


192.168.1.1 162.40.148.2 -----> Router 162.40.148.1
e1 e0
| |
192.168.0.1 e0--Router PIX
| |
| e1
Switch --------------- 192.168.0.5


If so, you'll want to do this on your router that is connecting the two
internal networks:

ip route 0.0.0.0 0.0.0.0 192.168.0.5


Then on the PIX you'll want to do the following:

ip address inside 192.168.0.5 255.255.255.0
ip address outside 162.40.148.2 255.255.255.248 (or whatever the external mask is)
route outside 0.0.0.0 0.0.0.0 162.40.148.1
route inside 192.168.1.0 255.255.255.0 192.168.0.1
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

 
 
 
 
 
jsandlin0803
 
      12-11-2005
The diagram is a little confusing. I have 2 switches. On the first is
the 192.168.0.0/24 subnet. That one is connected to e0 (192.168.0.1).
The second switch is the 192.168.1.1/24 subnet connected to e1
(192.168.1.1). The Cisco router is connected to e3 (162.40.148.2), and
the router's address is 162.40.148.1. I need to get internet access
for both networks of the PIX. Both networks are in the same building,
just 2 different businesses.

Thanks
Jason S.

 
 
DoubleD4
 
      12-11-2005
I agree, I suppose the diagram did not work out like I had hoped. So
when you are referencing e0, e1, and e3, are you talking about the
interfaces on the PIX itself? How many routers do you have, 1 or 2? I
assume that the Cisco Router you are talking about is the internet
router attached to the external interface of the PIX, correct? And
what is acting as the default gateway assigned to the client computers,
the PIX, or a router behind the PIX?

Sorry for so many questions, just trying to get a mental picture of
your setup.

 
 
jsandlin0803
 
      12-11-2005
Is there a specific Ethernet port for the internet router? I have only
one router for the internet. It is in Ethernet 3 of the PIX. I am
referring to the PIX interfaces when I say e0, e1, and e3. The default
gateway is the IP address of the associated PIX interface. For Lan1,
the gateway is 192.168.0.1 and for Lan2 it is 192.168.1.1.


Thanks for your help.
Jason

 
 
DoubleD4
 
      12-11-2005
In that case, it will get a little hairy as far as how the PIX does
security on its interfaces. I think (I may be wrong) that if the PIX
has more than two interfaces, it will treat the third as a DMZ
interface by default. Would it be possible for you to post the
configuration "sh run" of your PIX? If I looked at the config, I
should be able to point you in the right direction fairly quickly.

 
 
Walter Roberson
 
      12-11-2005
jsandlin0803 wrote:
>I need help setting up my PIX 515E. I have installed ASDM and can get
>into the config. I need help with either routing or NAT, or both.

>I have 2 LANs and a Cisco router connected. I need to know how to pass
>all internet traffic from each LAN to the router for internet access. I
>have not set any NAT pools or static routes, because I am unsure
>how to do this.

>The LAN and WAN specs are below
>lan1: 192.168.0.0/24
>lan2: 192.168.1.0/24
>internet nic: 162.40.148.2 (cisco router is 162.40.148.1)


Your reference to ASDM indicates you have PIX 7.0. I have not
studied the 7.0 syntax, so I can't give you the exact commands.

In PIX 6.x, what you want would be quite simple:

nat (inside) 1 192.168.0.0 255.255.255.0
nat (dmz) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

That would be all there would be to it for your configuration
that you set out in your discussion with DV.

This configuration would send all traffic, from both LANs, out
through the same single IP address, 162.40.148.2. If you want
the traffic separated, say with the second LAN mapping to 162.40.148.3,
then you would use

nat (inside) 1 192.168.0.0 255.255.255.0
nat (dmz) 2 192.168.1.0 255.255.255.0
global (outside) 1 interface
global (outside) 2 162.40.148.3

This would PAT both LANs, but with different IPs.

If you happened to want the inside traffic to use one-to-one NAT
as long as IPs were available, and you wanted the traffic separate,
then you could use, for example:

nat (inside) 1 192.168.0.0 255.255.255.0
nat (dmz) 2 192.168.1.0 255.255.255.0
global (outside) 1 162.40.148.3-162.40.148.205
global (outside) 1 162.40.148.206
global (outside) 2 162.40.148.207-162.40.148.253
global (outside) 2 162.40.148.254


You would not need to add any route commands or static commands or any
access-lists for what you indicated.

If, though, you want to restrict lan1 from being able to talk to
lan2, then you would add (PIX 6.x syntax)

access-list in2out deny ip any 192.168.1.0 255.255.255.0
access-list in2out permit ip 192.168.0.0 255.255.255.0 any

access-group in2out in interface inside

You would not need to do anything to prevent lan2 from talking to lan1.

If you do want lan2 to be able to talk to lan1, then you would
need additional configuration, the details of which would depend
on whether you want wide access or just access to specific hosts.

If you want the outside world to be able to connect to servers
on either of the lans (except through the VPNs) then you would
have additional configuration work.
--
Prototypes are supertypes of their clones. -- maplesoft
 
 
jsandlin0803
 
      12-11-2005
I have done what you said, and I still cannot get internet access.

I added
nat (inside) 1 192.168.0.0 255.255.255.0
nat (inside2) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface


I still cannot connect. I also tried using the startup wizard to start
fresh, but I still can't connect. All that I have done is run the
startup wizard, used PAT for the outside interface (e0), and have lan1
in e1 and lan2 in e2.

I may add that lan2 is not a DMZ, but a network like lan1, except on a
different subnet.


Please help. I need to get connected asap.

Thanks
Jason

 
 
DoubleD4
 
      12-11-2005
Did you add the "route outside 0.0.0.0 0.0.0.0 162.40.148.1" command?
Do all your interfaces have the correct IPs assigned to them? Would it
be possible to post your config?

 
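An offline check for the two things the replies above keep coming back to: matching nat/global IDs and a default route toward the Internet router. This is an added example, not part of the original thread and not Cisco tooling; the function name `audit_pix_nat`, the sample config, its /24 outside mask and the `dmz` interface address are assumptions constructed for illustration, and it reads PIX 6.x syntax only.

```python
import ipaddress

# Constructed sample in PIX 6.x syntax, modelled on the thread. The /24 outside
# mask and the dmz interface address are assumptions, not values from the posts.
SAMPLE_CONFIG = """\
ip address outside 162.40.148.2 255.255.255.0
ip address inside 192.168.0.1 255.255.255.0
ip address dmz 192.168.1.1 255.255.255.0
nat (inside) 1 192.168.0.0 255.255.255.0
nat (dmz) 2 192.168.1.0 255.255.255.0
global (outside) 1 interface
global (outside) 3 192.40.148.254
"""

def audit_pix_nat(config: str) -> list[str]:
    """Return findings on nat/global pairing, global addresses and default route."""
    ifaces, nats, globals_, default_routes = {}, [], [], []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) == 5:
            ifaces[tok[2]] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
        elif tok[:1] == ["nat"] and len(tok) >= 5:
            nats.append((tok[1].strip("()"), tok[2]))
        elif tok[:1] == ["global"] and len(tok) >= 4:
            globals_.append((tok[1].strip("()"), tok[2], tok[3]))
        elif tok[:1] == ["route"] and len(tok) >= 5 and tok[2:4] == ["0.0.0.0", "0.0.0.0"]:
            default_routes.append((tok[1], tok[4]))
    findings = []
    global_ids = {gid for _, gid, _ in globals_}
    nat_ids = {nid for _, nid in nats}
    for ifname, nid in nats:
        # nat id 0 means "do not translate", so it needs no global.
        if nid != "0" and nid not in global_ids:
            findings.append(f"nat ({ifname}) {nid}: no global with id {nid}")
    for ifname, gid, addr in globals_:
        if gid not in nat_ids:
            findings.append(f"global ({ifname}) {gid}: no nat with id {gid}")
        if addr != "interface" and ifname in ifaces:
            for ip in addr.split("-"):  # single address or start-end range
                if ipaddress.ip_address(ip) not in ifaces[ifname].network:
                    findings.append(f"global ({ifname}) {gid}: {ip} outside {ifaces[ifname].network}")
    if not default_routes:
        findings.append("no default route (route <if> 0.0.0.0 0.0.0.0 <gateway>)")
    for ifname, gw in default_routes:
        if ifname in ifaces and ipaddress.ip_address(gw) not in ifaces[ifname].network:
            findings.append(f"default route via {gw} is not on the {ifname} subnet")
    return findings
```

A global pool can legitimately sit outside the interface subnet when the upstream router routes it to the PIX, so treat that finding as a prompt to double-check the address rather than a hard error.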
 
jsandlin0803
 
      12-11-2005
I know how to capture the text correctly on a router, but I'm not sure on
the PIX. When I use terminal length 0, it is not a valid entry.

I need the command so that it will not say <more>.


Thanks
Jason

 