Routing in Cisco PIX 515E

philipmusyoki · ‎02-08-2007

Hi All

I have a Cisco PIX 550E firewall I want to setup as a router.

The outside interface (eth0) has IP address 196.216.78.134, subnet 255.255.255.252, gatewat 192.216.78.133

The inside interface (eth1) has IP address 192.168.3.0, subnet 255.255.255.0.

I was to clear the access list which is defined.

How do I do this? I can login to the PIX on configuration mode. How do I proceed?

Jon Marshall · ‎02-08-2007

Hi

From enable mode

1) "sh access-group". This will show you the interfaces where the access-lists have been applied.

for example

access-group acl_inboud in interface outside

2) From config mode "no acccess-group acl_inbound in interface outside".

This will get rid of the access-list but it is not as simple as that.

For traffic to flow from a lower to a higher level interface you must have an access-list permitting the traffic. in addition you will have present inside addresses to the outside with static NAT.

You also need to take of NAT for hosts on the inside going outbound. In your instance you would probably want to do a nat (inside) 0 0.0.0.0 0.0.0.0.

The Pix is not really designed to be a router. Is there a reason why you need to do this.

HTH

Jon

philipmusyoki · ‎02-08-2007

I need to use the PIX as a router bacause I do not have a router. I was figuring that NATting would work fine for routing.

Jon Marshall · ‎02-08-2007

Hi

Okay. Main differences from a router

1) you have to do something about NAT whether you want it or not.

2) You still need access-list even if it is a "permit ip any any" to go from outside to inside.

Good luck

Jon