Re: [fw-wiz] PIX v7: routing without NAT?



This might be a semi-beginner question as well, but as described you
have an external IP on the inside interface of the PIX - is that
intentional? I would expect to see a public IP address on your
external PIX interface and a private, non-'Net address on the internal
device. Your internal PC would use that private address as its
default gateway (or the switch/router would) thereby allowing the PIX
to get it and shove off all traffic not destined for networks directly
connected to it to its own default gateway, your ISP router.

Again, to me, it would seem that the way you have explained it is
that the PIX would have to act as a bridge or switch. Your tests seem
to prove that as well since naturally the inside PC can ping the
inside interface of the PIX, they're on the same network and directly
connected, as should the external PC/PIX Interface work. However,
going from the inside PC to the outside PC you're trying to travel
over a device that doesn't know what to do with it.

On 1/17/06, Vahid Pazirandeh <vpaziran@xxxxxxxxx> wrote:
> Hi All,
>
> At our co-lo, we have IPs *.65 to *.97 available. I'm trying to set up a mock
> network before touching the production environment.
>
> Our ISP router will be sitting on *.64, and we'd like to use external IPs for
> all our servers that are behind the PIX. Is this possible?
>
> I've run some tests (and mind you I am new to pix), and it seems that the ARP
> requests are not passing through the pix. I'm also not sure that the network
> design we're using is going to work as intended. Any thoughts?
>

