Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Allow Internal machine to surf through Router via Pix

Allow Internal machine to surf through Router via Pix 9 years 5 months ago #20587

  • blinton25
  • blinton25's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Hello,

1. My router (207.x.x.50) is setup to allow only addresses within a range to surf through it:

207.x.x.(51-55)

If I configure a computer with one of these ips(e.g 207.x.x.52), Netmask of 255.255.255.248 Gateway 207.x.x.50 and connect the computer to the router via a crossover cable I can surf ok.

2. I connected a Pix 501 (assigned it IP 207.x.x.51) to the router to protect my computers. The default configuration for the Pix should allow me to access the Internet from these computers, but I can't. Knowing that only certain IPs are supported by the router, when I configured the Pix using PDM I selected the option to not use NAT/PAT, but instead pass the IP address for the computer straight to the router. However still can't surf.

I suspect the issue may be that the Pix is seeing an IP address of 207.x.x.52 on the inside interface, where it expects one like 192.168.1.3 And I can't use an IP in this format since the router doesn't support it. Plus these are going to be DNS servers which are accessible outside my network, so I don't want the Pix to hide the addresses.

If so would the following address my issue:

static (inside,outside) 207.x.x.51 192.168.1.3 255.255.255.248 255.255.255.0

Any other suggestions?
The administrator has disabled public write access.

Re: Allow Internal machine to surf through Router via Pix 9 years 5 months ago #20599

  • blinton25
  • blinton25's Avatar
  • Offline
  • New Member
  • Posts: 2
  • Karma: 0
Hello,

Also note that in the "NAT and PAT" portion of the configuration wizard I had selected "Do not translate any addresses"

However, if I select PAT (Use IP address on outside interface) then the computer can surf.


So my question is: How do I allow my DNS/Web server to be accessible via its external IP while using the Pix?
The administrator has disabled public write access.

Re: Allow Internal machine to surf through Router via Pix 9 years 5 months ago #20602

  • smitherton
  • smitherton's Avatar
  • Offline
  • Frequent Member
  • Posts: 60
  • Karma: 0
Why would you want your servers to have an outside address? Have you considered setting up a 1 to 1 NAT with the outside address translating to the internal address of your web server(DMZ)? You could also create a policy based NAT that will forward certain services to different internal address from one external address.
The administrator has disabled public write access.
Time to create page: 0.080 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup