PIX Configuration

Jul 25th, 2007

Hi,


I am very new to PIX and need some help with setting up rules for a new network.


I have three interfaces (inside 100 - 172.16.10.0, outside 0 - 192.168.10.0 and Demo 10 - 172.16.11.0). On the Demo network I have three devices with ip addresses as 172.16.11.1, 172.16.11.2, and 172.16.11.3


I would like full IP connectivity from the inside to the demo network, and allow the demo network to access only 172.16.10.1 and 172.16.10.2 on the inside.


The Inside and Demo network should be able to access the outside.


How do I achieve this?

acomiskey Wed, 07/25/2007 - 12:06

This will get you from inside to Demo.


static (inside,Demo) 172.16.10.0 172.16.10.0 255.255.255.0

acomiskey Wed, 07/25/2007 - 12:08

To limit access from Demo to inside...


access-list Demo permit ip any host 172.16.10.1

access-list Demo permit ip any host 172.16.10.2

access-list Demo deny ip any 172.16.10.0 255.255.255.0

access-list Demo permit ip any any

access-group Demo in interface Demo


Please rate helpful posts.

rajatsetia Wed, 07/25/2007 - 22:02

Hi


By default everything is permitted from inside to outside and demo interface (as per PIX interface security level fundamental, by default "high security interface network" can access "low security interface network") so no need to apply anything on inside interface.


But as you have put a condition on demo interface connectivity, you have to apply the access-list as explained by acomiskey.


rgds
