PIX 515E & Cisco837

Unanswered Question
Jul 2nd, 2006

Hi! I just configured my Cisco 837 to connect to the internet. The internet services we are using are dynamic IP, so the Cisco 837 was also configured with dynamic IP and the inside NAT was configured with DHCP.


I got a PIX 515E now, and I want to connect my Cisco 837 to my new PIX 515E. I'm new to configuring firewalls. Does anyone have any advice on the steps to follow, or a working sample config for the firewall?


Thanks.

froggy3132000 Sun, 07/02/2006 - 17:07

At the end of the day, what are you trying to accomplish?

dkblee@hotmail.com Sun, 07/02/2006 - 22:41

Hi!


Here's the setup :


Cisco2950------>Cisco PIX 515E -------->Cisco 837.


There will be about 10 hosts connected to the Cisco2950 switch, which will be given access to the internet. The connections should only be from the clients to the internet.


Is it possible to keep track of the sites that the users go to using this firewall?


Thanks.

Fernando_Meza Sun, 07/02/2006 - 23:01

Ok .. so you need.


1.- To make sure the users are using the internal interface of the PIX as their default gateway for outbound internet. Let's say the inside interface IP is x.x.x.x, so your users need to have x.x.x.x as their default gateway.


2.- You need to use a crossover cable to connect the PIX with the 837.


3.- Configure the IP address of the 837 router interface which faces the PIX as static .. example 10.10.10.1 255.255.255.0. Configure the interface of the PIX which is connected to the 837 as 10.10.10.2 255.255.255.0. Let's call this interface "outside".


4.- You need to configure the PIX to allow internet access from your hosts


access-list Internet_Outbound permit tcp any any eq www


access-group Internet_Outbound in interface inside


5.- You need to enable PAT


nat (inside) 1 access-list Internet_Outbound

global (outside) 1 interface


6.- Make sure your PIX has a default route pointing to 10.10.10.1 (the ADSL router).


route outside 0.0.0.0 0.0.0.0 10.10.10.1


7.- Make sure your 837 router has a route for your internal subnet.


This should keep you going ..


I hope it helps .. please rate if it does !!!
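
The steps in the reply above, collected into one configuration and extended with syslog so that visited URLs are recorded (an added example, not part of the original post or a Cisco reference config). It assumes PIX OS 6.3 command syntax, an inside LAN of 192.168.1.0/24 with the PIX at 192.168.1.1, and a syslog server at 192.168.1.10; only 10.10.10.1 and 10.10.10.2 come from the thread, and the subnet form of `nat` is used here instead of the ACL form shown in the post.

```cisco
: ---- PIX 515E (PIX OS 6.3 syntax assumed) ----
: Interface roles and addressing (step 3). Inside addresses are assumptions.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
ip address outside 10.10.10.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0

: Outbound policy (step 4): only the inside subnet, only web traffic.
: DNS is added on the assumption that clients resolve names through an
: external resolver; drop that line if they use an internal DNS server.
access-list Internet_Outbound permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list Internet_Outbound permit udp 192.168.1.0 255.255.255.0 any eq domain
access-group Internet_Outbound in interface inside

: PAT to the outside interface address (step 5).
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

: Default route to the 837 (step 6).
route outside 0.0.0.0 0.0.0.0 10.10.10.1

: URL tracking: with the HTTP fixup enabled, the PIX emits syslog message
: 304001 ("Accessed URL") at severity 5 for each HTTP request it inspects.
fixup protocol http 80
logging on
logging timestamp
logging trap notifications
logging host inside 192.168.1.10

! ---- Cisco 837 (IOS) ----
! LAN-side address facing the PIX (step 3) and the return route for the
! inside subnet (step 7). The subnet is the assumed one from above.
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
!
ip route 192.168.1.0 255.255.255.0 10.10.10.2
```

No inbound access-list is applied to the outside interface, so the PIX default of denying connections initiated from the lower-security side keeps traffic client-to-internet only. HTTPS requests are neither permitted by this access-list nor visible to the URL log.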


