Cisco Support Community

New Member

PIX Configuration

Hi,

I am very new to PIX and need some help with setting up rules for a new network.

I have three interfaces (inside 100 - 172.16.10.0, outside 0 - 192.168.10.0 and Demo 10 - 172.16.11.0). On the Demo network I have three devices with IP addresses 172.16.11.1, 172.16.11.2, and 172.16.11.3.

I would like full IP connectivity from the inside to the demo network, and allow the demo network to access only 172.16.10.1 and 172.16.10.2 on the inside.

The Inside and Demo network should be able to access the outside.

How do I achieve this?

3 REPLIES
Green

Re: PIX Configuration

This will get you from inside to Demo.

static (inside,Demo) 172.16.10.0 172.16.10.0 netmask 255.255.255.0

Green

Re: PIX Configuration

To limit access from Demo to inside...

access-list Demo permit ip any host 172.16.10.1

access-list Demo permit ip any host 172.16.10.2

access-list Demo deny ip any 172.16.10.0 255.255.255.0

access-list Demo permit ip any any

access-group Demo in interface Demo

Please rate helpful posts.

Bronze

Re: PIX Configuration

Hi

By default everything is permitted from inside to outside and demo interface (as per PIX interface security level fundamental, by default "high security interface network" can access "low security interface network") so no need to apply anything on inside interface.

But as you have put a condition on demo interface connectivity, you have to apply the access-list as explained by acomiskey.

rgds
