PIX PDM newbie

Discussion in 'Cisco' started by Sami, May 19, 2005.

  1. Sami

    Sami Guest

    Hi,

    We are upgrading our FW (Nokia IP530) to a Cisco PIX 515 with graphic PDM
    (3.0). Since I don't have any experience with Cisco firewalls, I'd like to ask
    a couple of questions.

    In Nokia IP530 if we wanted to permit IP traffic, i.e. from external (outside)
    host 10.20.30.40 to an internal (inside) host 10.30.40.50 all we had to do
    was make one rule permitting traffic from inside to outside and another rule
    to permit traffic from outside to inside.

    Now with this PIX it seems that the configuration is not that simple...it
    seems like we have to define NAT also. Is it possible to permit the traffic
    without using NAT?

    If NAT must be used how do we have to configure the PIX?

    Thanks in advance

    -Sami R
     
    Sami, May 19, 2005
    #1

  2. Sami

    Brian Guest

    You must have either NAT or a static command configured. If you are
    using public IPs behind the firewall, then you can use a static command
    instead of NAT.
    I.E. static (inside,outside) 10.30.40.0 10.30.40.0 netmask 255.255.255.0 0 0

    That will allow traffic to flow from the inside out. After that, you
    will configure the PIX to accept traffic from the external host as you
    described.
     
    Brian, May 19, 2005
    #2
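
    The two steps Brian describes, written out as a PIX 6.x CLI fragment. This is an added example, not part of the original posts; the ACL name `outside_in` is an assumption, and the addresses are the ones from Sami's question.

```text
: PIX 6.x CLI syntax (assumed). Lines starting with ":" are comments.
: Constructed from the addresses in the thread; the ACL name "outside_in"
: is an assumption.

: 1. Network static (identity static NAT): the inside subnet appears on the
:    outside with its own addresses. The trailing "0 0" are the maximum
:    connection and embryonic connection limits (0 = unlimited).
static (inside,outside) 10.30.40.0 10.30.40.0 netmask 255.255.255.0 0 0

: 2. The static only creates the translation. Connections initiated from
:    the outside are still dropped until an ACL applied to the outside
:    interface permits them. Permit only the one external host to the one
:    internal host:
access-list outside_in permit ip host 10.20.30.40 host 10.30.40.50
access-group outside_in in interface outside

: 3. Flush existing translations so the new static takes effect, then
:    check the translation and the ACL hit counters.
clear xlate
show static
show access-list outside_in
```

    `permit ip` allows every protocol between the two hosts; where the required services are known, narrowing the entry to specific `tcp`/`udp` ports keeps the rest of 10.30.40.50 unreachable from outside.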

  3. Sami

    Sami Guest

    "Brian" <> wrote in message
    news:...
    > You must have either NAT or a static command configured. If you are
    > using public IPs behind the firewall, then you can use a static command
    > instead of NAT.
    > I.E. static (inside,outside) 10.30.40.0 10.30.40.0 netmask
    > 255.255.255.0 0 0
    >
    > That will allow traffic to flow from the inside out. After that, you
    > will configure the PIX to accept traffic from the external host as you
    > described.


    Is there any global command to make all the external addresses static
    without having to enter the static (inside,outside)... to every external
    host?

    Is this "static" = static NAT?

    -Sami
     
    Sami, May 19, 2005
    #3
  4. Sami

    TC Guest

    The command Brian posted will make all inside hosts appear on the outside
    with their own addresses:

    static (inside,outside) 10.30.40.0 10.30.40.0 netmask 255.255.255.0 0 0

    This is called a network static.

    /TC

    "Sami" <> wrote in message
    news:FG_ie.2377$...
    >
    > "Brian" <> wrote in message
    > news:...
    >> You must have either NAT or a static command configured. If you are
    >> using public IPs behind the firewall, then you can use a static command
    >> instead of NAT.
    >> I.E. static (inside,outside) 10.30.40.0 10.30.40.0 netmask
    >> 255.255.255.0 0 0
    >>
    >> That will allow traffic to flow from the inside out. After that, you
    >> will configure the PIX to accept traffic from the external host as you
    >> described.

    >
    > Is there any global command to make all the external addresses static
    > without having to enter the static (inside,outside)... to every external
    > host?
    >
    > Is this "static" = static NAT?
    >
    > -Sami
    >
    >
     
    TC, May 19, 2005
    #4
  5. Sami

    Gerd EMail Guest

    Sami wrote:
    > "Brian" <> wrote in message
    > news:...
    >
    >>You must have either NAT or a static command configured. If you are
    >>using public IPs behind the firewall, then you can use a static command
    >>instead of NAT.
    >>I.E. static (inside,outside) 10.30.40.0 10.30.40.0 netmask
    >>255.255.255.0 0 0
    >>
    >>That will allow traffic to flow from the inside out. After that, you
    >>will configure the PIX to accept traffic from the external host as you
    >>described.

    >
    >
    > Is there any global command to make all the external addresses static
    > without having to enter the static (inside,outside)... to every external
    > host?
    >
    > Is this "static" = static NAT?

    correct
    >
    > -Sami
    >
    >
     
    Gerd EMail, May 19, 2005
    #5
  6. Sami

    Sami Guest

    "TC" <> wrote in message
    news:d6huas$i1p$...
    > The command Brian posted will make all inside hosts appear on the outside
    > with their own addresses:
    >
    > static (inside,outside) 10.30.40.0 10.30.40.0 netmask 255.255.255.0 0 0
    >
    > This is called a network static.
    >
    > /TC
    >

    Ok, thanks to everyone...now if I manage to do this in GUI...

    -Sami
     
    Sami, May 19, 2005
    #6
