I am fairly new to PIXes; therefore, I need some help.
I have read a lot of resources on PIXes. However, I cannot get the firewall working in the basic NO-NAT transparent mode using nat 0. The main problem is that all Cisco literature assumes that the PIX will have different subnets on the ports. However, I am only trying to implement PIX with no NAT on the same subnet. This is the layout.
Rest of the Network
Router E1 (x.x.200.1)
PIX int E0 (OUT)
PIX int E1 (IN)
MY INSIDE NETWORK.
I want to use all existing IPs. I understand that nat (inside) 0 0.0.0.0 255.255.255.255 should be used. However, what IPs do I give to the PIX's interfaces? What IPs (default gateway) should PCs inside of the network have?
I would like to put the PIX in transparent mode, so the default gateway would be 200.1 and traffic would be forced through PIX.
Please, if anyone has any suggestions and config samples, I would appreciate it.
A PIX cannot be a bridging firewall. You need to assign IP addresses to each interface, and route through it. Is there a router between your internal network and the PIX? If there is, it will need to have the PIX configured as its default gateway.
You want to use nat (inside) 0 0.0.0.0 0.0.0.0
Your command nat (inside) 0 0.0.0.0 255.255.255.255 means that only the host 0.0.0.0 gets natted.
It could be that this configuration change is all that you need to make, as you didn't provide internal topology information.
The nat command I had correct on the firewall. However, I did not have configuration handy as I was typing the questions, so I just wrote it out of my head. Anyhow, the nat statement is not a problem. It is the interfaces and IPs.
I thought that PIX can be used as the bridge. OK then. I also tried to use it as a router on the same subnet and it does not work. What IPs do I need to give to the PIX interfaces?
Here is the layout.
(x.190.200.2 - 255.255.255.0)
PIX Int E0 (x.190.200.254 - 255.255.255.0)
PIX Int E1 (x.190.200.1 - 255.255.255.0)
(This IP cannot be entered because it is the same subnet)
(PC with x.190.200.100 - 255.255.255.0 - x.190.200.1)
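The two points raised in this thread, the mask on the nat 0 statement and the refusal of a second interface address in the same subnet, can be checked with a short script. This is an added example, not code from any poster or from Cisco; the function names are hypothetical, the matching is a generic address/mask model, and 192.0.2.0/24 and 198.51.100.0/24 are constructed documentation ranges standing in for the elided x.190.200.0 network.

```python
import ipaddress


def nat_rule_matches(src, rule_addr, rule_mask):
    """Generic address/mask match: src matches when it equals rule_addr
    on every bit that is set in rule_mask."""
    s = int(ipaddress.IPv4Address(src))
    a = int(ipaddress.IPv4Address(rule_addr))
    m = int(ipaddress.IPv4Address(rule_mask))
    return (s & m) == (a & m)


def overlapping_interfaces(interfaces):
    """Return sorted pairs of interface names whose subnets overlap.

    interfaces maps a name to an (ip, netmask) tuple.
    """
    nets = {
        name: ipaddress.IPv4Interface(f"{ip}/{mask}").network
        for name, (ip, mask) in interfaces.items()
    }
    names = sorted(nets)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if nets[a].overlaps(nets[b])
    ]


# Constructed layout mirroring the thread: both interfaces in one /24.
SAME_SUBNET = {
    "outside": ("192.0.2.254", "255.255.255.0"),
    "inside": ("192.0.2.1", "255.255.255.0"),
}

# Constructed routed layout (assumption): a separate subnet per interface.
ROUTED = {
    "outside": ("192.0.2.254", "255.255.255.0"),
    "inside": ("198.51.100.1", "255.255.255.0"),
}

if __name__ == "__main__":
    pc = "192.0.2.100"  # constructed inside host
    print("mask 255.255.255.255 matches PC:",
          nat_rule_matches(pc, "0.0.0.0", "255.255.255.255"))
    print("mask 0.0.0.0 matches PC:",
          nat_rule_matches(pc, "0.0.0.0", "0.0.0.0"))
    print("same-subnet overlaps:", overlapping_interfaces(SAME_SUBNET))
    print("routed overlaps:", overlapping_interfaces(ROUTED))
```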