Cisco Support Community
Community Member

515e FW

Anyone, kindly help me in interpreting the attached file for the commands highlighted in red for the 515e PIX firewall. What do they do? Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: 515e FW

Hi there,

>global (outside) 1 192.168.73.3-192.168.73.6 netmask 255.255.255.248

This command ALONE makes a NAT-pool attached to your "outside" interface. The pool is given the NAT_ID "1" and contains the IP-addresses 192.168.73.3, 192.168.73.4, 192.168.73.5 and 192.168.73.6. The netmask keyword and the netmask that follows it are used mainly as a guideline for the PIX to know which part of the addresses can be used (it won't use the subnet or broadcast addresses).

>global (outside) 1 192.168.73.2 netmask 255.255.255.248

This command ALONE makes a PAT-pool attached to your "outside" interface. The pool is given the NAT_ID "1" and contains the IP-address 192.168.73.2.

The two latter commands combined make a single pool of 4 NAT-addresses and an overflow mechanism of one PAT-address.

>nat (inside) 1 0.0.0.0 0.0.0.0 0 0

This command instructs the PIX to inspect the traffic specified by "0.0.0.0 0.0.0.0" which translates to "all traffic" entering the "inside" interface and assign a NAT_ID of "1" to this traffic.

What happens now is that when traffic enters the "inside" interface and exits the "outside" interface, the traffic will be NAT'ed (or PAT'ed depending on the amount of traffic) according to the NAT-pool with a NAT_ID of "1".

>access-group 100 in interface outside

This command instructs the PIX to use the access-list named "100" to inspect all traffic ENTERING ("in") the "outside" interface.

>route outside 0.0.0.0 0.0.0.0 192.168.74.17 1

This command sets a default route ("0.0.0.0 0.0.0.0") out the "outside" interface and routes the traffic to the "192.168.74.17" address. The metric of this route is "1".

>route inside 10.10.0.0 255.255.0.0 192.16.30.13 1

This command routes the "10.10.0.0 255.255.0.0" network out the "inside" interface to the "192.16.30.13" address. The metric of this route is "1".

See the command reference for more information:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_book09186a008017284e.html

Did it help? If so, please rate it.
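
Added example (not part of the original reply, and not Cisco code): a small Python check that groups the `global` and `nat` lines quoted above by NAT ID, labels an address range as a NAT pool and a single address as PAT as the reply describes, and warns when a pool address is the subnet or broadcast address of the given netmask. The name `summarize` and the two regular expressions are assumptions that cover only the statement forms shown in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# The nat/global lines quoted in the reply above.
CONFIG = """\
global (outside) 1 192.168.73.3-192.168.73.6 netmask 255.255.255.248
global (outside) 1 192.168.73.2 netmask 255.255.255.248
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""

# Assumption: only the statement forms shown in this thread are handled.
GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+) netmask (\S+)$")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")


def summarize(config):
    """Group nat/global statements by NAT ID; label ranges NAT and single IPs PAT."""
    ids = defaultdict(lambda: {"sources": [], "nat_pool": [], "pat": [], "warnings": []})
    for line in map(str.strip, config.splitlines()):
        if m := GLOBAL_RE.match(line):
            _ifc, nat_id, addrs, mask = m.groups()
            first, _, last = addrs.partition("-")
            lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last or first)
            net = ipaddress.ip_network(f"{lo}/{mask}", strict=False)
            entry = ids[int(nat_id)]
            for n in range(int(lo), int(hi) + 1):
                ip = ipaddress.ip_address(n)
                # The reply notes the subnet and broadcast addresses are not used.
                if ip not in net or ip in (net.network_address, net.broadcast_address):
                    entry["warnings"].append(f"{ip} is not a usable host in {net}")
                entry["nat_pool" if last else "pat"].append(str(ip))
        elif m := NAT_RE.match(line):
            ifc, nat_id, addr, mask = m.groups()
            src = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            ids[int(nat_id)]["sources"].append(f"{ifc}:{src}")
    for nat_id, entry in ids.items():
        has_global = bool(entry["nat_pool"] or entry["pat"])
        if entry["sources"] and not has_global:
            entry["warnings"].append(f"nat id {nat_id} has no matching global")
        if has_global and not entry["sources"]:
            entry["warnings"].append(f"global id {nat_id} has no matching nat")
    return dict(ids)


if __name__ == "__main__":
    for nat_id, entry in summarize(CONFIG).items():
        print(nat_id, entry)
```
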

2 REPLIES
Community Member

Re: 515e FW

Thanks a million, pal!
