cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
400
Views
0
Helpful
4
Replies

Stub network accessing Internet via PIX?

jmx2020
Level 1
Level 1

Hello!

I have a PIX 515, connected to the internet via a router. I am using NAT & PAT, with a 192.168.29.x private network inside. Most users are just using PAT for Internet access, but a few have static NAT mappings as well.

Connected to my inside network is another router which connects via a ptp circuit to a smaller satellite office. Up until now, the satellite office has only needed IPX routing to us as they access a Novell server only. Their IP address are in 192.168.20.x.

I'd like to give them Internet access via my PIX. Obviously, I'll need to set up a static route in the routers in order for traffic to flow, but I'm not sure I understand how the PIX will handle PAT, and whether I could perform a static mapping of a public address to a private address on the stub network.

Can this be done?

Thanks!!

4 Replies 4

mostiguy
Level 6
Level 6

That should be all doable, as it sounds like you are running a recent enough pix os to support those features for the local office.

Thanks for the response! Yes, I have a PIX515E, running 6.2(2) & using PDM 2.1(1).

Would I need to configure a static route in the PIX, so that it knows how to find the gateway to the other private subnet? Seems like that might try to send all traffic to the subnet, even that destined for other networks (like the Internet).

Thanks for any additional comments!

Thanks for the response! Yes, I have a PIX515E, running 6.2(2) & using PDM 2.1(1).

Would I need to configure a static route in the PIX, so that it knows how to find the gateway to the other private subnet? Seems like that might try to send all traffic to the subnet, even that destined for other networks (like the Internet).

Thanks for any additional comments!

Just add another NAT statement for the subnet range of the remote network. Make sure to use the same number to reference the global command used by your primary networks NAT statement. Example -

global (outside) 1 XX.XX.XX.XX-XX.XX.XX.XX

global (outside) 1 XX.XX.XX.XX

nat (inside) 1 192.168.20.0 255.255.255.0 0 0

nat (inside) 1 192.168.29.0 255.255.255.0 0 0

Where XX.XX.XX.XX-XX.XX.XX.XX represents your public address range in use for NATing traffic to the internet. The second command is for PAT, and again the XX.XX.XX.XX represents your public address for this purpose.

Oh, and don't forget to add a static route to the PIX. Like this -

route inside 192.168.29.0 255.255.255.0 XX.XX.XX.XX

Where XX.XX.XX.XX is the internal router handling traffic from the remote network.

Rick

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: