[fw-wiz] PIX v7: routing without NAT



I have public IP addresses 1.1.1.65 to 1.1.1.96 available. I'd like the
servers behind my PIX 515E (Restricted License) to use the public IP addresses.
One hop away is my ISP's router sitting at 1.1.1.1. So the network looks like
this:

ISP router: 1.1.1.1

[ISP router]------[PIX]------[switch]---[my servers]

I'm having difficulty configuring the PIX outside/inside interface in order to
allow the servers to communicate with the internet.

If I make the inside interface 1.1.1.65/255.255.255.224, then what do I make
the outside interface, since two interfaces cannot overlap on the same subnet?

I've tried playing around with the netmask and, at times, I'm able to ping
1.1.1.1, however I cannot ping the internet (ISP router doesn't seem to be
routing me out?).

I have heard of PIX having "Transparent Mode" but I'm not too clear on how that
is configured. Do I need an Unrestricted License for that? Is it necessary?

The _end goal_ is to have my servers sitting on different VLANs and the PIX
will act as the 802.1q trunk. This way I can filter traffic between VLANs
(which is my intention), and filter traffic with the internet.

As I am a novice, any helpful criticism is welcome.

Thanks!

-Vahid

=============================================
"Make it better before you make it faster."
=============================================
