I'm restarting a post, because I think my questions are more basic than the one I actually posed.
Let's say my Firewall is behind a router, the router configured as
192.168.1.0, 255.255.255.0 and I want to assign a block of IPs to my 506e firewall.
What do I set the outside IP address, SNMask of the firewall?
I recently tried 192.168.0.241, 255.255.255.0 and it fixed up most of the problems I was having, but now users behind the firewall couldn't get out, and some, but not all, users in the 192.168.0.1 subnet lost access to the internet.
I tried configuring the firewall to
188.8.131.52, 255.255.255.240, and couldn't get access to servers behind the firewall. When I changed the 255.255.255.240 to 255.255.255.0, I could get access to the 'protected' servers, but with the problems listed above.
Re: Basic Questions, Initial configuration of 506E
Your PIX's outside interface should use any unused IP from the 192.168.1.0 255.255.255.0 (/24) subnet, e.g if router fastethernet is 192.168.1.1, then PIX's outside IP is 192.168.1.2 or 192.168.1.241. Use the same netmask of 255.255.255.0 for both.
Set the PIX's default route to the router IP, e.g "route outside 0 0 192.168.1.1 1".
If some users behind firewall couldn't access internet, check the "nat" statement. What the IP range, subnet or individual hosts allowed? Verify the "global" statement IP used as translation IP to go out, e.g:
global (outside) 1 192.168.1.10-192.168.1.100
nat (inside) 1 192.168.0.0 255.255.255.0
BTW, all servers/hosts behind firewall must point to Firewall inside interface IP as gateway. Pls make sure the netmask is consistent as well (255.255.255.0).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :