TOPIC: Pix translation config question

Pix translation config question 9 years 6 months ago #21694

  • donFelipe
I'm by no means a PIX expert, but I have to analyze configs every now and then. I received this config from one of our auditors, and the purpose of the following commands puzzles me (I've never seen it done this way). This is supposed to be a PIX that sits in front of a WAP, all inside a LAN.

ip address outside 10.10.113.1 255.255.255.0
ip address inside aa.aa.aa.237 255.255.255.0
...
static (inside,outside) aa.aa.aa.220 aa.aa.aa.220 netmask 255.255.255.255 0 0
static (inside,outside) aa.aa.aa.228 aa.aa.aa.228 netmask 255.255.255.255 0 0
static (inside,outside) aa.aa.aa.229 aa.aa.aa.229 netmask 255.255.255.255 0 0
static (inside,outside) aa.aa.aa.131 aa.aa.aa.131 netmask 255.255.255.255 0 0
access-group WLAN-in in interface outside
route inside 0.0.0.0 0.0.0.0 aa.aa.aa.131 1

One last dumb question: is the 158.x.x.x considered non-routable (or private)?

thanks,

donFelipe

Re: Pix translation config question 9 years 6 months ago #21697

  • semper
What is your question about the config? It looks pretty standard to me.

As far as the 158.x.x.x subnet goes, by RFC 1918 standards it's a publicly accessible address; whether or not it's configured that way on the network may be a different story.

Re: Pix translation config question 9 years 6 months ago #21698

  • donFelipe
What's the purpose of:

static (inside,outside) aa.aa.aa.220 aa.aa.aa.220 netmask 255.255.255.255 0 0

having the same address as the real and mapped?

Re: Pix translation config question 9 years 6 months ago #21701

  • semper
There are instances where you need the firewall features, but don't need to mask the source IP address.

That command became very useful for me when deploying perimeter firewalls for a company that never had them. All I did was configure the PIXes, drop them in the network by changing some routing and VLAN config, and it became a seamless install.
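
Added example, not part of the original thread and not written by either poster: a small Python audit helper that parses PIX `static` lines in the form posted above, flags identity translations (mapped address equal to real address) and checks the real address against the three RFC 1918 blocks. The 198.51.100.x, 192.168.1.50 and 172.16.5.0 values are constructed stand-ins for the masked aa.aa.aa.x addresses, and the function names are this example's own.

```python
import ipaddress
import re

# The three RFC 1918 blocks; anything outside them is not "private" per that RFC.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Form used in the thread:
#   static (real_if,mapped_if) mapped_ip real_ip netmask mask [max_conns [em_limit]]
STATIC_RE = re.compile(
    r"^static\s+\((\w+),\s*(\w+)\)\s+(\S+)\s+(\S+)(?:\s+netmask\s+(\S+))?", re.I)

# Constructed sample: 198.51.100.x stands in for the masked aa.aa.aa.x addresses.
SAMPLE_CONFIG = """\
ip address outside 10.10.113.1 255.255.255.0
ip address inside 198.51.100.237 255.255.255.0
static (inside,outside) 198.51.100.220 198.51.100.220 netmask 255.255.255.255 0 0
static (inside,outside) 198.51.100.50 192.168.1.50 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.5.0 172.16.5.0 netmask 255.255.255.0 0 0
access-group WLAN-in in interface outside
"""

def is_rfc1918(addr):
    """True only if addr falls inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_statics(config):
    """Return one finding per static line, marking identity translations."""
    findings = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # not a static command
        real_if, mapped_if, mapped, real, mask = m.groups()
        findings.append({
            "direction": f"{real_if}->{mapped_if}",
            "real": real, "mapped": mapped, "netmask": mask,
            # Identity NAT: the address is the same on both interfaces.
            "identity": ipaddress.ip_address(mapped) == ipaddress.ip_address(real),
            "host_entry": mask == "255.255.255.255",
            "real_is_rfc1918": is_rfc1918(real),
        })
    return findings

if __name__ == "__main__":
    for f in audit_statics(SAMPLE_CONFIG):
        kind = "identity" if f["identity"] else "translated"
        print(f["direction"], f["real"], "->", f["mapped"], f["netmask"],
              kind, "rfc1918=%s" % f["real_is_rfc1918"])
```

For every entry reported as identity, the host is seen from the outside interface on its real address, so what is actually exposed is decided by the access list bound with `access-group` (WLAN-in in the posted config).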

Re: Pix translation config question 9 years 6 months ago #21702

  • donFelipe
Thanks.