I am new to the Cisco IOS and PIX products, but a small company that I work for just purchased a Cisco PIX 515E to protect their network. I am a Microsoft person, so I am looking for a little help and insight. Right now, don't laugh, they have Microsoft Proxy 2.0 performing NAT and firewall functions on a dual-homed NT Server (1 NIC with inside address, 1 with address of ISP router). Proxy is going away and I would like the PIX to take over the NAT function so machines can get on the internet. This is what I have built so far and I am looking for any tips, suggestions, etc. We do not have any internal DNS servers, only our ISP's. I want to keep our other NT server doing DHCP and we also have an Exchange 5.5 server. Thanks for any help!
If you are looking for basic outbound connectivity and no inbound services then you need one more statement. You need a 'nat (inside) 1 192.168.1.0 255.255.255.0 0 0' statement to allow the inside users through the PIX to the internet.
I would recommend that you limit the ICMP types that are allowed inbound through the PIX to echo-reply, administratively-prohibited, time-exceeded, or any other specific types you require.
For additional tips on configuring the PIX, I would point you to the product documents for technical tips unless you have a specific concern or question:
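
As an added example (not part of the thread and not Cisco code), here is a small Python check that scans a PIX-style configuration for the two points in the reply above: a `nat (inside)` statement covering 192.168.1.0/24, and inbound ICMP permits limited to named types. The sample configuration, the ACL name `acl_out` and the function names are constructed for illustration.

```python
import re

# ICMP types the reply names as acceptable inbound; extend with any others you require.
ALLOWED_ICMP = {"echo-reply", "administratively-prohibited", "time-exceeded"}

def _skip_addr(tokens):
    """Drop one address spec: 'any', 'host <ip>' or '<ip> <mask>'."""
    if tokens and tokens[0] == "any":
        return tokens[1:]
    return tokens[2:]  # 'host <ip>' and '<ip> <mask>' are both two tokens

def audit(config, inside_net="192.168.1.0", inside_mask="255.255.255.0"):
    """Return findings for the two points raised in the reply."""
    findings, has_nat, bound_inbound = [], False, set()
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for line in lines:
        m = re.match(r"nat \(inside\) (\d+) (\S+) (\S+)", line)
        if m and (m.group(2), m.group(3)) == (inside_net, inside_mask):
            has_nat = True
        # Remember which ACLs are applied inbound on the outside interface.
        m = re.match(r"access-group (\S+) in interface outside", line)
        if m:
            bound_inbound.add(m.group(1))
    if not has_nat:
        findings.append("missing: nat (inside) <id> %s %s" % (inside_net, inside_mask))
    for line in lines:
        m = re.match(r"access-list (\S+) permit icmp (.+)", line)
        if not m or m.group(1) not in bound_inbound:
            continue
        # Whatever follows the source and destination specs is the ICMP type.
        rest = _skip_addr(_skip_addr(m.group(2).split()))
        if not rest:
            findings.append("icmp permit with no type: " + line)
        elif rest[0] not in ALLOWED_ICMP:
            findings.append("icmp type %s not in allow-list: %s" % (rest[0], line))
    return findings

# Constructed sample configuration (not the poster's actual config).
SAMPLE = """
global (outside) 1 interface
access-list acl_out permit icmp any any
access-list acl_out permit icmp any any echo-reply
access-list acl_out permit icmp any any echo
access-group acl_out in interface outside
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```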