Configuring PIX 501 with a single internal network

lando0977 · ‎11-08-2006

I have a PIX 501 i need to configure and need some help. The address of my inside netork is 192.168.0.0 and the outside will be 192.168.1.0. I have been able to assign ip address to the inside interface as 192.168.0.35 and the outside interface as 192.168.1.1. Now i have a pc with the address 192.168.1.26 on the outside which i need my users from the inside (192.168.0.0) to connect to. How do i need to configure nat and routes for this to be able to work. I'm new at this. Thanks!

Collin Clark · ‎11-08-2006

To enable NAT,

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

If you want to get beyond the 192.168.1.0 network you will need to know the gateway for that network. The route statement to add for example...

route outside 0.0.0.0 0.0.0.0 192.168.1.254

HTH and please rate.

lando0977 · ‎11-08-2006

I tried that and now i'm trying to ping a machine on the outside from the inside and can't do it. How can i fix this?

t-heeter · ‎11-08-2006

You need access-list on outside interface to allow icmp echo-reply.

access-list 101 permit icmp 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0 echo-reply

access-group 101 in interface outside

lando0977 · ‎11-08-2006

I tried that and still get host unreachable, either way. Sorry but i'm new at this, what can i do now.

t-heeter · ‎11-08-2006

Post pix config

lando0977 · ‎11-08-2006

i've attached the pic cfg.

chetankamra · ‎11-09-2006

Do you have any access-list configure on Inside Interface..

I am not able to access your config...

CK