New Member

PIX global pool

Network readdress project requires PIX changes. We provide internet access for company w/in our campus (3rd party connect). Currently 3rd party is config'd as "DMZ" on PIX 525.

We provide "network management" to the 3rd party by helping their admin do troubleshooting.

inside: 10.1.1.1 (existing range)

inside: 10.50.1.1 (new range)

outside (3rd party): 172.16.1.1

200 hosts on 3rd party network coming thru firewall

Is one-to-one NAT the best approach for ease of troubleshooting their connections thru the fw?

OR

Is it best to assign a "global pool" of inside addresses (10.50.1.1) to the fw which, when a client on outside connects to internet, etc., would get a 10.50.1.x address?

Is there a config out there which could help illustrate what I'm trying to accomplish?

thanks for any info.

5 REPLIES
Cisco Employee

Re: PIX global pool

Well, does the client just need inbound access, or outbound, or both?

Secondly, how many clients are there in total?

New Member

Re: PIX global pool

Thanks for your reply.

Total clients: 200

Firewall provides client with internet / server resources (on our side) primarily. Client also has remote users which access their systems in their network...so....

client req's BOTH inbound and outbound access

Cisco Employee

Re: PIX global pool

200 different clients behind the FW... and they need access from the outside world, right? You need to make static xlate rules if that is the case.

New Member

Re: PIX global pool

Correct on static xlates, although access from "outside world" will only be to 10 servers. The rest of the connections will be from client network TO outside world.

Assuming ip allocation is 10.50.1.0 /24.

allocate 10 ip's for static xlate

other 244 are available

Is this the correct command to permit client access:

global (outside) 1 10.50.1.0 netmask 255.255.255.0

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

Cisco Employee

Re: PIX global pool

For outbound access use the PAT IP:

nat (inside) 1 0 0

global (outside) 1 interface
