Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Connecting Cisco PIX 515E to cisco router

Connecting Cisco PIX 515E to cisco router 12 years 5 months ago #12763

  • Wimpsy
  • Wimpsy's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 12
  • Thank you received: 0
I am trying to connect a cisco 515e pix firewall to a router. The connection is such that the inside interface of the pix connects to the switch on the lan and the outside interface connects to the router pointing to the ISP.
The inside hosts all have a class C private address and PAT is being applied to translate the adresses to a public address. The outside interface of the pix and the router ethernet interface are on a class A private address subnet.The router serial interface has been assigned the public address being used for PAT.
Hosts on Lan can ping inside interface of pix but not outside interface of pix. Kindly assist.

Please Log in to join the conversation.

Re: Connecting Cisco PIX 515E to cisco router 12 years 5 months ago #12807

From CISCO site: Inbound ICMP through the PIX is denied by default. Outbound ICMP is permitted, but the incoming reply is denied by default.

More here:

www.firewall.cx/ftopict-2075.html

I don't know why you'll need to ping the outside interface from the protected side but I think this is how is supposed to be. I tried it on my 515 and is doing the same thing. Other than that everything is normal. However pinging the outside (ISP) interface of your router will work.

Please Log in to join the conversation.

Re: Connecting Cisco PIX 515E to cisco router 12 years 5 months ago #12820

  • Wimpsy
  • Wimpsy's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 12
  • Thank you received: 0
The ping to the outside interface of the pix was being done to test connectivity. The problem is that without the pix firewall the hosts on the LAN are able to access the internet, the moment the pix is connected hosts canot access the internet.What step am I missing? Kindly assist.

Please Log in to join the conversation.

Re: Connecting Cisco PIX 515E to cisco router 12 years 4 months ago #12884

I am trying to connect a cisco 515e pix firewall to a router. The connection is such that the inside interface of the pix connects to the switch on the lan and the outside interface connects to the router pointing to the ISP.
The inside hosts all have a class C private address and PAT is being applied to translate the adresses to a public address. The outside interface of the pix and the router ethernet interface are on a class A private address subnet.The router serial interface has been assigned the public address being used for PAT.
Hosts on Lan can ping inside interface of pix but not outside interface of pix. Kindly assist.


Hi,

You cannot ping the outside interface of the firewall from inside network or from outside network to the inside interface of the firewall. It is disabled by default because PIX is a security device and you cannot enable it by applying Access control list or by doing anything. You cannot even Telnet, SSH the outside interface from inside network and Wise versa

Please Log in to join the conversation.

Re: Connecting Cisco PIX 515E to cisco router 12 years 4 months ago #12885

The ping to the outside interface of the pix was being done to test connectivity. The problem is that without the pix firewall the hosts on the LAN are able to access the internet, the moment the pix is connected hosts canot access the internet.What step am I missing? Kindly assist.


Hi,

Regarding this check the route in your router and in the PIX. The router should have route to your LAN, Directly Connected network and a default router to the ISP router and in PIX you should have inside and outside Directly Connected network and a default route to pix inside interface.

Please Log in to join the conversation.

Re: Connecting Cisco PIX 515E to cisco router 12 years 4 months ago #12930

  • Wimpsy
  • Wimpsy's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 12
  • Thank you received: 0
Thanks for all the replies to my query. The problem has been fixed. Hosts are able to connect to the internet now. I applied the clear arp command on the router and the clear xlate command on the pix. Thanks for the insight on the ping issue.[/b]

Please Log in to join the conversation.

  • Page:
  • 1
  • 2
Time to create page: 0.151 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup