Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Basic Questions, Initial configuration of 506E

I'm restarting a post, because I think my questions are more basic than the one I actually posed.

Let's say my Firewall is behind a router, the router configured as, and I want to assign a block of IPs to my 506e firewall.

What do I set the outside IP address, SNMask of the firewall?

I recently tried, and it fixed up most of the problems I was having, but now users behind the firewall couldn't get out, and some, but not all, users in the subnet lost access to the internet.

I tried configuring the firewall to,, and couldn't get access to servers behind the firewall. When I changed the to, I could get access to the 'protected' servers, but with the problems listed above.


Re: Basic Questions, Initial configuration of 506E


Your PIX's outside interface should use any unused IP from the (/24) subnet, e.g if router fastethernet is, then PIX's outside IP is or Use the same netmask of for both.

Set the PIX's default route to the router IP, e.g "route outside 0 0 1".

If some users behind firewall couldn't access internet, check the "nat" statement. What the IP range, subnet or individual hosts allowed? Verify the "global" statement IP used as translation IP to go out, e.g:

global (outside) 1

nat (inside) 1

BTW, all servers/hosts behind firewall must point to Firewall inside interface IP as gateway. Pls make sure the netmask is consistent as well (

Anyway, what your firewall config looks like?



CreatePlease to create content