cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1203
Views
0
Helpful
1
Replies

pix inside an internal network

fellis20
Level 1
Level 1

I installed a pix 506 to protect a single server inside a network the network is divided into 2 nets:

the 1st net has an IP adress of 131.107.0.0/24

the second network has an ip of 10.3.1.0 255.255.255.248

the pix is protecting ip 10.3.1.3 255.255.255.248

the nat inside the pix is the following:

global (outside) 1 10.3.1.3 netmask 255.255.255.248

nat (inside) 1 10.3.1.0 255.255.255.248 0 0

the problem is when we change the global outside address to 10.3.1.5-8 we can access the outside interface but we do not access it with the 10.3.1.3

even when we change the ip address of the protrcted server it still doesn't work; i need to keep this address because i have a VPN that forwards information to that specific address and to a specific port.

anyhelp with this problem?

1 Reply 1

subaa
Level 1
Level 1

If I understand clearly:

The OUTSIDE is: 131.107.0.0/24

The INSIDE is:10.3.1.0/29

The server IP is: 10.3.1.3 (?)

You want to reach that server form the OUTSIDE using the IP 10.3.1.3. Is that correct?

If so, forget all global and nat statements, and configure the following:

static (inside, outside) 10.3.1.3 10.3.1.3 0 0.

If you want to start connections form the INSIDE (10.3.1.0/29) you'd better change the global address to an IP address form the OUTSIDE IP address range (131.107.0.0/24). Don't forget, that even if you use nat, the STATICed hosts will use the IP addresses specified in the static statements. But from your info I guess there is no need to initiate connections form the INSIDE.

Bests,

Attila Suba

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking products for a $25 gift card