Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

connecting pix behind 801

I have a 801 router configured to internet, so LAN pc can connect to the internet. Detail IOS is below

This setup is temporary, because now i have to connect a firewall pix 506E behind the router with users accessing the net through firewall.

I think the Eo IP of the router will now change to 213.x.x.b & external IP will now change to 213.x.x.c with BRI0 remaining unchanged i.e. 213.x.x.a. Also now the gateway for the LAN PC will be same i.e. 192.168.1.100 which will now be PIX internal IP.

Though its my first interaction with PIX, I am pasting he final IOS. Related to this if anybody can send the basic configuration to setup the PIX up & running. so that users can connect to the internet behind the firewall

Thanks a Lot

Best regards

shoeb

====================IOS==========================

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname dxb2000

!

enable secret xxxxxx

!

ip subnet-zero

!

no ip domain-lookup

isdn switch-type basic-net3

!

!

!

interface Ethernet0

ip address 192.168.1.100 255.255.255.0

ip nat inside

no cdp enable

!

interface BRI0

no ip address

encapsulation ppp

dialer pool-member 1

isdn switch-type basic-net3

no cdp enable

ppp authentication pap callin

!

interface Dialer1

description CONNECTION TO INTERNET

ip address 213.x.x.a 255.255.255.248

ip nat outside

encapsulation ppp

dialer pool 1

dialer idle-timeout 0

dialer string 4004444

dialer persistent

dialer-group 1

no cdp enable

ppp authentication pap callin

ppp pap sent-username xxxxxx password xxxxx

!

ip nat pool nat-pool-0 213.x.x.a 213.x.x.a netmask 255.255.255.248

ip nat inside source list 1 pool nat-pool-0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

!

!

access-list 1 permit 192.168.1.0 0.0.0.255

dialer-list 1 protocol ip permit

no cdp run

banner login ^C RESTRICTED ACCESS ^C

!

line con 0

password xxxxx

login

stopbits 1

line vty 0 4

password xxxxx

login

!

no rcapi server

!

!

end

2 REPLIES
Silver

Re: connecting pix behind 801

Hi,

Pl. go thru this link -

http://www.cisco.com/warp/public/110/single-net.shtml

If you want to remove nat from the router then you can just directly follow the above link to configure your pix.

Regards,

Mynul

Highlighted
New Member

Re: connecting pix behind 801

1. do i need to remove these natting from the router :

ip nat inside

ip nat outside

ip nat pool nat-pool-0 213.x.x.a 213.x.x.a netmask 255.255.255.248

ip nat inside source list 1 pool nat-pool-0 overload.

2. do i need to change the dialer1 ip to "ip unnumbered e0". i need a public internet ip to connect to the internet. i.e. 213.x.x.a ?

89
Views
0
Helpful
2
Replies
CreatePlease login to create content