I want to use my Cisco PIX 501 as a NATing device. My modem IP is 10.20.23.1 255.255.255.0, which means the outside IP address of the 501 is 10.20.23.2 255.255.255.0; the inside address is 192.168.200.1 255.255.255.0.
Can anyone help please with a script to NAT between 192.168.200.x to the 10.20.23.2 addresses. The gateway address I assume is the 192.168.200.1?
2006-09-12 07:17:54 · 5 answers · asked by Anonymous in Computers & Internet ➔ Computer Networking
192.168.200.1 is the PIX address. However, I cannot get past the firewall. I can ping the inside address but not the outside IP. If I use a console connection I can ping all ports and all devices.
2006-09-12 07:49:22 · update #1
NAT is enabled on the PIX by default. If you look on the Translation rules tab of the PDM interface you should see the Dynamic NAT rule. Reading across it should read Inside, Inside:any / 0.0.0.0, outside, 10.20.23.2 (interface PAT), No, Unlimited, Unlimited, Yes.
On the Access Rules tab of the PDM interface, make sure you have the Implicit outbound rule at the top of the list. Source: any, Destination: any, Interface: inside(outbound), Service: IP
On the System Properties tab, click Routing...Static route. You should have an entry that reads "outside, 0.0.0.0 0.0.0.0 10.20.23.1 1" If not, click Add. Select interface outside. From top to bottom, enter the following: IP Address: 0.0.0.0, Gateway: 10.20.23.1, Mask: 0.0.0.0, Metric: 1. Note that this looks a bit out of sequence but it IS correct. Click OK, Click Apply, Click Save.
You should now be able to ping the modem (actually it's a router if it has an IP address) address 10.20.23.1. You won't be able to ping the outside interface of the PIX from the protected network although you will be able to ping both from the PDM interface. This is normal, even if you have enabled ICMP on the outside interface.
If this doesn't work, hook your PC directly to the modem and set its IP address at 10.20.23.1. If this does work, you have a modem, not a router. Change the outside IP address of the PIX to 10.20.23.1 and delete the static route entry.
The gateway address for machines on the protected network is 192.168.200.1.
If this still doesn't work, e-mail me directly and I'll see what I can do to help. I'll need all of the details that your ISP gave you for setting up your system.
2006-09-12 17:54:46 · answer #1 · answered by Bostonian In MO 7 · 0⤊ 0⤋
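A way to check the three items answer #1 walks through (a NAT rule with its interface PAT pool, the default route, and the client gateway) against a saved configuration, as an added example that is not part of the original thread. The config lines are constructed from the thread's addresses in PIX 6.x CLI syntax, and audit_pix_nat and SAMPLE_CONFIG are hypothetical names.

```python
import ipaddress

# Constructed sample: PIX 6.x-style lines built from the addresses in this thread.
SAMPLE_CONFIG = """\
ip address outside 10.20.23.2 255.255.255.0
ip address inside 192.168.200.1 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 10.20.23.1 1
"""


def audit_pix_nat(config, client_gateway="192.168.200.1"):
    """Return findings for the NAT, route and gateway checks; [] means all pass."""
    ifaces, nats, pools, default_gw = {}, set(), set(), None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "address"] and len(tok) >= 5:
            ifaces[tok[2]] = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}")
        elif tok[:1] == ["nat"] and len(tok) >= 3:
            nats.add((tok[1].strip("()"), tok[2]))
        elif tok[:2] == ["global", "(outside)"] and len(tok) >= 3:
            pools.add(tok[2])
        elif tok[:4] == ["route", "outside", "0.0.0.0", "0.0.0.0"] and len(tok) >= 5:
            default_gw = ipaddress.ip_address(tok[4])

    findings = []
    # Check 1: a dynamic nat id translates only if a global pool shares the id
    # (id 0 means "do not translate", so it needs no pool).
    if not nats:
        findings.append("no nat statement")
    for iface, nat_id in sorted(nats):
        if nat_id != "0" and nat_id not in pools:
            findings.append(f"nat ({iface}) {nat_id} has no global (outside) {nat_id}")
    # Check 2: the default route must point at a next hop on the outside subnet.
    outside, inside = ifaces.get("outside"), ifaces.get("inside")
    if default_gw is None:
        findings.append("no default route on outside")
    elif outside is None or default_gw not in outside.network:
        findings.append(f"default gateway {default_gw} is not on the outside subnet")
    elif default_gw == outside.ip:
        findings.append("default gateway is the PIX's own outside address")
    # Check 3: inside hosts must use the PIX inside address as their gateway.
    if inside is None or ipaddress.ip_address(client_gateway) != inside.ip:
        findings.append(f"client gateway {client_gateway} is not the PIX inside address")
    return findings


if __name__ == "__main__":
    print(audit_pix_nat(SAMPLE_CONFIG) or "all three checks pass")
```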
You need to have both your router and PC in the same network, i.e.:
router lan ip 10.20.23.1
pc ip 10.20.23.2
The subnet mask for these will be 255.0.0.0; only the 10 in the IP is masked, as the remaining 3 octets are for host identification.
I'd recommend doing it the other way round though, by putting your router into the same range as the PC, i.e.:
router lan ip 192.168.200.1
pc ip 192.168.200.2
sub-net mask 255.255.255.0
This is easily done by using the DHCP capabilities of the router; set this up to assign the PC the correct details. The default gateway is the IP address of the device that you go through (just like you would a gate) to break out of your internal network, or in other words the internal IP address of the modem.
2006-09-12 10:10:23 · answer #2 · answered by gp 3 · 0⤊ 1⤋
I don't think you will need a script. 192.168.200.1 would be the network address, not the gateway. The default gateway would need to be the address of the PIX. Also, with those default gateways, 192.168.200.x and 10.20.23.x are on different subnets. I would suggest using a 10.x address for your internal NAT IPs for simplicity purposes.
2006-09-12 07:24:14 · answer #3 · answered by dzr0001 5 · 0⤊ 1⤋
OK... First, a 5XX PIX ought to be initially configured with the help of skill of a serial connection. 2nd, you should be extra particular relating to the ruleset you prefer to be certain, and whether you like it to be a VPN endpoint besides. The PIX seems somewhat redundant with the setup you describe, and extremely frankly, I think of you're in somewhat over your head. E-mail me and that I will walk you thru an valuable and maintain configuration of your comprehensive community.
2016-11-07 04:31:51 · answer #4 · answered by falls 4 · 0⤊ 0⤋
One line from config mode:
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
Done
2006-09-14 03:41:20 · answer #5 · answered by cable_kill 3 · 1⤊ 0⤋