Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Pix 501 disabling NAT

I have a 2611 Router at home that i use to access my isp the 2 ethernet ports are configured with private ip addresses Ethernet 0 192.168.0.1, Ethernet 0/1 10.0.0.1 Both ports have a static/default route pointing to dialer interface also both interfaces have dynamic nat overloading applied,i have a Pix 501 that i would like to use but i am unsure how to configure it with this setup,would i have to disable nat on the pix. any advice would be greatfully appreciated.

4 REPLIES

Re: Pix 501 disabling NAT

Hi .. if you are trying to use the PIX instead of the router then the only issue is that the PIX 501 will only give you 1 internal subnet as it does not support more than 2 segments ( outside / inside )

You could connected then as below ..

Internet->Firewall->Router ( Lan 1 and Lan 2)

The default gateway for the router will be the internal interface of the PIX. The Default gateway of the PIX will be your ISP. And the PIX can be configured as PPPoE client. as per the below link

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00801055dd.shtml

Also On the PIX you would need to add a static routes for your internal lans.

The below config will give internet access from any host connected to the Internal side.

global (outside) 1 interface

nat (inside) 1 access-list Internet_Access

access-list Internet_Access permit ip x.x.x.x 255.255.255.0 any ( where x.x.x.x is you internal lan )

I hope it helps .. please rate it if it does !!!

New Member

Re: Pix 501 disabling NAT

Hi fernando thanks for taking the time to reply to my post i will try your suggestions and post back as soon as i can.

Re: Pix 501 disabling NAT

try this:

access-list noNAT permit ip [PIX_INSIDE_subnet] [mask] any

nat (inside) 0 access-list noNAT

or

static (inside,outside) [PIX_INSIDE_subnet] [PIX_INSIDE_subnet] netmask [mask] 0 100

New Member

Re: Pix 501 disabling NAT

Hi Grant thanks for the config i will try this at the weekend and post back with results many thanks.

522
Views
0
Helpful
4
Replies