Get DSL line to work with Pix outside interface?

whiteford · ‎01-22-2008

Hi, I have a Cisco pix 515e (version 7.1). I have a DSL line which is a Cisco 877 router. THE DSL router is working fine on the Internet, but I now want to add the 877 to the Cisco 515 Pix Outside interface and give a few users behind the firewall Internet access.

The 877's IP is 192.168.0.100 and the Pix is 171.20.1.1.

I have added on the Pix a static route of:

route outside 0.0.0.0 0.0.0.0 192.168.0.100 1

I also have on the Pix:

global (outside) 1 interface (what is this?)

nat (inside) 1 171.20.1.0 255.255.255.0

Plus I have added http rules for the inside network to the outside network on port 80/443.

What else should I do?

didyap · ‎01-28-2008

You will have to NAT the traffic flowing through the PIX as PIX will drop the traffic if a NAT rule does not exist. Following link may help you

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804619d8.shtml

srue · ‎01-28-2008

it sounds like the 877 is set up for NAT, is that correct?

if so, you are better off not NAT'ing as traffic passes through the PIX. Make sure nat-control is not enabled on the PIX, and remove all nat/global/static statements to make this happen.

Make sure the 877 has a route back to the internal network of the PIX.