02-08-2007 03:08 AM - edited 03-03-2019 03:40 PM
Hi All
I have a Cisco PIX 550E firewall I want to setup as a router.
The outside interface (eth0) has IP address 196.216.78.134, subnet 255.255.255.252, gateway 192.216.78.133
The inside interface (eth1) has IP address 192.168.3.0, subnet 255.255.255.0.
I want to clear the access list which is defined.
How do I do this? I can login to the PIX on configuration mode. How do I proceed?
02-08-2007 03:28 AM
Hi
From enable mode
1) "sh access-group". This will show you the interfaces where the access-lists have been applied.
for example
access-group acl_inbound in interface outside
2) From config mode "no access-group acl_inbound in interface outside".
This will get rid of the access-list but it is not as simple as that.
For traffic to flow from a lower to a higher level interface you must have an access-list permitting the traffic. In addition you will have to present inside addresses to the outside with static NAT.
You also need to take care of NAT for hosts on the inside going outbound. In your instance you would probably want to do a nat (inside) 0 0.0.0.0 0.0.0.0.
The Pix is not really designed to be a router. Is there a reason why you need to do this?
HTH
Jon
02-08-2007 04:59 AM
I need to use the PIX as a router because I do not have a router. I was figuring that NATting would work fine for routing.
02-08-2007 05:37 AM
Hi
Okay. Main differences from a router
1) you have to do something about NAT whether you want it or not.
2) You still need an access-list even if it is a "permit ip any any" to go from outside to inside.
Good luck
Jon
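Added example (not part of the original thread): a small Python check that reads PIX-style configuration text and reports the points raised in the replies above: which ACL each access-group binds to an interface, whether that ACL is a bare "permit ip any any", whether the access-group names an ACL that is not defined (for instance a misspelled name), and whether "nat 0" covers all addresses. The sample configuration is constructed, the function name audit is hypothetical, and the patterns assume the command forms quoted in the thread.

```python
import re

# Constructed sample of PIX-style configuration lines (not from the thread).
SAMPLE_CONFIG = """\
access-list acl_inbound permit ip any any
access-list acl_dmz permit tcp any host 192.0.2.10 eq www
access-group acl_inbound in interface outside
access-group acl_dmz in interface dmz
nat (inside) 0 0.0.0.0 0.0.0.0
"""

ACCESS_GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")
ACCESS_LIST = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.+)$")
NAT_ZERO_ALL = re.compile(r"^nat\s+\((\S+)\)\s+0\s+0\.0\.0\.0\s+0\.0\.0\.0")


def audit(config):
    """Return a sorted list of (interface, finding) tuples for a config string."""
    bindings = {}  # interface name -> ACL name applied inbound
    entries = {}   # ACL name -> list of (action, remaining tokens)
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACCESS_GROUP.match(line):
            bindings[m.group(2)] = m.group(1)
        elif m := ACCESS_LIST.match(line):
            entries.setdefault(m.group(1), []).append(
                (m.group(2), m.group(3).split()))
        elif m := NAT_ZERO_ALL.match(line):
            findings.append((m.group(1), "nat 0 covers all addresses (no translation)"))
    # Bindings are checked after the whole file is read, so line order is irrelevant.
    for iface, acl in bindings.items():
        if acl not in entries:
            findings.append((iface, f"access-group references undefined ACL {acl}"))
        for action, rest in entries.get(acl, []):
            if action == "permit" and rest == ["ip", "any", "any"]:
                findings.append((iface, f"{acl} permits ip any any inbound"))
    return sorted(findings)


if __name__ == "__main__":
    for iface, finding in audit(SAMPLE_CONFIG):
        print(f"{iface}: {finding}")
```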