Sample PIX and Router Config Connected to Internet

j.hato · ‎06-02-2003

Dear ciscoer,

Any sample config PIX connected to the Internet with Router. The router using the IP legal and router's ethernet 0 using 192.168.0.xxx. PIX ethernet0 using 192.168.0.xxx and the PIX's ethernet1 192.168.1.xxx. Where should I NAT the IP legal from ISP.

LAN(192.168.1.xxx)

|

PIX Inside (192.168.1.xxx)

|

PIX Outside (192.168.0.xxx)

|

Router Ethernet 0 (192.168.0.xxx)

|

Router Serial 0 (202.xxx.xxx.xxx)

Thank YOu In Advance

HATO

ywadhavk · ‎06-03-2003

Hi Hato,

You could do NAT 0 on the pix and have the edge router do the NATing for you. This would be the simplest way to get it working.

Other option is to configure PPPoE. Below link is the FAQ for the PIX configuration.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

Thanks,

yatin

ccie · ‎08-11-2003

In this configuration, how would you use the PIX as an IPSec tunnel terminator for remote access clients using software VPN clients?

osam · ‎08-13-2003

You don't have to do any IPSEC..

For your particular example.. you will have to NAT in the router and PIX, or router only.. here is the config you need to put there.. (router and PIX)

access-list 1 permit 192.168.0.0

interface s0

ip nat outside

interface e0

ip nat inside

ip nat inside source list 1 interface s0 overload

In that previous configuration you are NATing the ethernet network behind the router only.. In order for 192.168.1.0 (network behind PIX) to be able to access the internet, you will have to NAT this too..

nat 1 192.168.1.0 255.255.255.0

global 1 interface

What's happening now is that, you are doing a first stage NATing in PIX by natting all 192.168.1.0/24 to the PIX outside IP address (192.168.0.xxx), then the second stage NATing is done in the router by NATing all 192.168.0.0/24 to the s0 interface IP address (202.xxx.xxx.xxx)..

This should do it. Let me know how it goes.