Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Connecting Cisco PIX 515E to cisco router

Connecting Cisco PIX 515E to cisco router 10 years 10 months ago #12763

  • Wimpsy
  • Wimpsy's Avatar
  • Offline
  • New Member
  • Posts: 12
  • Karma: 0
I am trying to connect a cisco 515e pix firewall to a router. The connection is such that the inside interface of the pix connects to the switch on the lan and the outside interface connects to the router pointing to the ISP.
The inside hosts all have a class C private address and PAT is being applied to translate the adresses to a public address. The outside interface of the pix and the router ethernet interface are on a class A private address subnet.The router serial interface has been assigned the public address being used for PAT.
Hosts on Lan can ping inside interface of pix but not outside interface of pix. Kindly assist.
The administrator has disabled public write access.

Re: Connecting Cisco PIX 515E to cisco router 10 years 10 months ago #12807

  • bimmer
  • bimmer's Avatar
  • Offline
  • New Member
  • Posts: 8
  • Karma: 0
From CISCO site: Inbound ICMP through the PIX is denied by default. Outbound ICMP is permitted, but the incoming reply is denied by default.

More here:

www.firewall.cx/ftopict-2075.html

I don't know why you'll need to ping the outside interface from the protected side but I think this is how is supposed to be. I tried it on my 515 and is doing the same thing. Other than that everything is normal. However pinging the outside (ISP) interface of your router will work.
The administrator has disabled public write access.

Re: Connecting Cisco PIX 515E to cisco router 10 years 10 months ago #12820

  • Wimpsy
  • Wimpsy's Avatar
  • Offline
  • New Member
  • Posts: 12
  • Karma: 0
The ping to the outside interface of the pix was being done to test connectivity. The problem is that without the pix firewall the hosts on the LAN are able to access the internet, the moment the pix is connected hosts canot access the internet.What step am I missing? Kindly assist.
The administrator has disabled public write access.

Re: Connecting Cisco PIX 515E to cisco router 10 years 10 months ago #12884

  • ramasamy
  • ramasamy's Avatar
  • Offline
  • Frequent Member
  • Posts: 67
  • Karma: 0
I am trying to connect a cisco 515e pix firewall to a router. The connection is such that the inside interface of the pix connects to the switch on the lan and the outside interface connects to the router pointing to the ISP.
The inside hosts all have a class C private address and PAT is being applied to translate the adresses to a public address. The outside interface of the pix and the router ethernet interface are on a class A private address subnet.The router serial interface has been assigned the public address being used for PAT.
Hosts on Lan can ping inside interface of pix but not outside interface of pix. Kindly assist.

Hi,

You cannot ping the outside interface of the firewall from inside network or from outside network to the inside interface of the firewall. It is disabled by default because PIX is a security device and you cannot enable it by applying Access control list or by doing anything. You cannot even Telnet, SSH the outside interface from inside network and Wise versa
The administrator has disabled public write access.

Re: Connecting Cisco PIX 515E to cisco router 10 years 10 months ago #12885

  • ramasamy
  • ramasamy's Avatar
  • Offline
  • Frequent Member
  • Posts: 67
  • Karma: 0
The ping to the outside interface of the pix was being done to test connectivity. The problem is that without the pix firewall the hosts on the LAN are able to access the internet, the moment the pix is connected hosts canot access the internet.What step am I missing? Kindly assist.

Hi,

Regarding this check the route in your router and in the PIX. The router should have route to your LAN, Directly Connected network and a default router to the ISP router and in PIX you should have inside and outside Directly Connected network and a default route to pix inside interface.
The administrator has disabled public write access.

Re: Connecting Cisco PIX 515E to cisco router 10 years 10 months ago #12930

  • Wimpsy
  • Wimpsy's Avatar
  • Offline
  • New Member
  • Posts: 12
  • Karma: 0
Thanks for all the replies to my query. The problem has been fixed. Hosts are able to connect to the internet now. I applied the clear arp command on the router and the clear xlate command on the pix. Thanks for the insight on the ping issue.[/b]
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.080 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup