PIX Configuration

p.holley · ‎07-25-2007

Hi,

I am very new to PIX and need some help with setting up rules for a new network.

I have three interfaces (inside 100 - 172.16.10.0, outside 0 - 192.168.10.0 and Demo 10 - 172.16.11.0). On the Demo network I have three devices with ip addresses as 172.16.11.1, 172.16.11.2, and 172.16.11.3

I would like full IP connectivity from the inside to the demo network, and allow the demo network to access only 172.16.10.1 and 172.16.10.2 on the inside.

The Inside and Demo network should be able to access the outside.

How do i acheive this

acomiskey · ‎07-25-2007

This will get you from inside to Demo.

static (inside,Demo) 172.16.10.0 172.16.10.0 255.255.255.0

acomiskey · ‎07-25-2007

To limit access from Demo to inside...

access-list Demo permit ip any host 172.16.10.1

access-list Demo permit ip any host 172.16.10.2

access-list Demo deny ip any 172.16.10.0 255.255.255.0

access-list Demo permit ip any any

access-group Demo in interface Demo

Please rate helpful posts.

rajatsetia · ‎07-25-2007

Hi

By defualt everything is permitted from inside to outside and demo interface (as per PIX interface secuirty level fundamental, by defualt "high secuirty interface network" can access "low security interface network") so no need to apply anything on inside interface.

but as you have put condition on demo interface connectivity so you have to apply access-list as explained by acomiskey.

rgds