Cisco PIX 501 setup question

Posted on 2004-11-07
Last Modified: 2010-04-10
Hello all, I recently purchased a Cisco PIX 501 and have some general questions. Here is the current configuration.

* Our company has 5 static IP addresses. The first, 207.*.15.89, is the public IP address.
* I have a Cisco 675 router connected to the internet. I have turned off DHCP and NAT on the router and assigned the eth1 interface an IP address of 207.*.15.90 (another of our static IPs).
* I have set the outside interface of the PIX to 207.*.15.91, and defined the gateway as 207.*.15.90 (eth1 on the 675).
* I have turned on DHCP on the PIX with a - range to hand out
* I have a total of 6 computers I would like to have access the internet and 1 computer that needs to be reachable from the internet.

Here are my questions:
* Is this the correct (given the situation) way to set up the 675 router?
* I would like to allow traffic from the internet to our mail and web server at, how is this performed?
* I don't understand global pools. Is it yet another layer of address translation, and where do you get the IP addresses for it? Another private set of IPs?

I have a book on PIX, but am having a hard time nailing some of the concepts.

Thanks in advance - Eric
Question by: ericmiller74

    Accepted Solution

    1.  Yes.  Your router seems to be configured correctly for your setup.

    2.  To allow traffic to get to your web and mail server you need two parts.  One is an access list; the other is a static NAT translation of the IP address.

         a.  First set up static NATs with this command:  static (inside,outside) 207.*.15.92
              This is assuming .92 is the next free IP address in your scope

         b.  Make an access list using the command access-list 101 permit tcp any host 207.*.15.92 eq www
              For mail just replace www with smtp or pop3

         c.  Lastly, type the command access-group 101 in interface outside.  This binds that access list to the outside interface to allow traffic in.

    You can also use port numbers on the access list if you like i.e. www=80  smtp=25   etc.

    The global pool is used in PAT or port address translation which translates all traffic going out to the IP of the outside interface on the PIX.  Once you have an IP on the outside interface you're all set.  No need to use up another IP address.
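
An added example, not part of the original answer: a small Python check that a PIX configuration follows the three steps above (static, access-list, access-group) and flags inbound rules that permit more than a single port. The sample configuration, its addresses (203.0.113.x, 192.168.1.10) and the `audit` function are constructed for illustration; only the `any host <ip>` rule form used in the answer is parsed.

```python
import re

# Constructed sample config; addresses are placeholders, not taken from the post.
SAMPLE = """\
static (inside,outside) 203.0.113.92 192.168.1.10 netmask 255.255.255.255 0 0
access-list 101 permit tcp any host 203.0.113.92 eq www
access-list 101 permit tcp any host 203.0.113.92 eq smtp
access-list 101 permit ip any host 203.0.113.93
access-group 101 in interface outside
"""

STATIC = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)")
ACE = re.compile(r"^access-list (\S+) permit (\S+) any host (\S+)(?: eq (\S+))?")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit(config, outside="outside"):
    """Return sorted findings about inbound publishing rules in a PIX config."""
    published, aces, bound = set(), [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            if m.group(2) == outside:
                published.add(m.group(3))   # global (public) address comes first
        elif m := ACE.match(line):
            aces.append(m.groups())         # (acl, protocol, host, port or None)
        elif m := GROUP.match(line):
            if m.group(2) == outside:
                bound.add(m.group(1))
    findings, permitted = set(), set()
    for acl, proto, host, port in aces:
        if acl not in bound:                # step c missing: the list has no effect
            findings.add(f"acl {acl}: not applied to {outside} with access-group")
            continue
        permitted.add(host)
        if host not in published:           # step a missing for this address
            findings.add(f"{host}: permitted but has no static translation")
        if proto not in ("tcp", "udp") or port is None:
            findings.add(f"{host}: permit is not limited to one port ({proto})")
    for host in published - permitted:      # step b missing: server unreachable
        findings.add(f"{host}: static translation with no inbound permit")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```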
