
PIX 501 to linksys router to cable modem configuration help

Currently I have a cable modem connected to a Linksys router with one PC coming off the router. I would like to add a PIX 501 to the mix because I have other hosts that will need to be protected. My Linksys has a 192.168.1.1 local address and the machine off the router is 192.168.1.2 respectively (fully capable of getting out to the internet). I used a crossover cable to connect the router to the uplink port on the PIX. The outside interface on the PIX is configured as 192.168.1.3 and the inside interface is 192.168.100.1. I used a route statement of 0.0.0.0 0.0.0.0 192.168.1.1 1. Since the PIX has 4 switch ports, I plugged a laptop into one of the ports and gave it an IP address of 192.168.100.2. I disabled NAT for now using NAT (inside) 0 0 0 for testing purposes. I'm not too sure what to do from here. I'd like to get this internal laptop to be able to access the internet and to be able to talk to the PC on the DMZ (and vice versa). Any suggestions?
lewylupo
stressedout2004 Commented:
Well, you have two options:

1) On your Linksys, you have to add the 192.168.100.0/24 to your NAT list and then add a static route for the 192.168.100.0/24 pointing back to the PIX (192.168.1.3). If you want bidirectional communication between the PC behind the PIX and the PC on the DMZ (I am assuming the DMZ you are referring to is the hosts on the 192.168.1.0/24), you need to change the NAT 0 to static NAT and add some access rules depending on what type of traffic you want to exchange between the two networks.

no nat (inside) 0
static (inside,outside) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0
access-group 101 in interface outside

2) If you don't want to modify your Linksys configuration, then you can just do static NAT and an access rule. Just allocate an IP from the 192.168.1.0/24 that is not being used and define the static statements manually. Of course, this won't be feasible if you have tons of hosts.

e.g.

static (inside,outside) 192.168.1.150 192.168.100.2 netmask 255.255.255.255
static (inside,outside) 192.168.1.151 192.168.100.3 netmask 255.255.255.255
static (inside,outside) 192.168.1.152 192.168.100.4 netmask 255.255.255.255

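A small lint for the two options in the answer above, added here as an example and not part of the original thread: it parses PIX `static` and `access-list` lines and flags identity statics that depend on a return route on the Linksys, mapped addresses that collide with hosts named in the question, and inbound permits that allow all IP from a whole subnet. The `audit` function and its finding codes are hypothetical names; the addresses come from the thread, and `CONSTRUCTED_BAD` is a constructed sample.

```python
import ipaddress
import re

# Addressing from the thread: the Linksys LAN is the PIX "outside" network.
OUTSIDE = ipaddress.ip_network("192.168.1.0/24")
INSIDE = ipaddress.ip_network("192.168.100.0/24")
# Linksys, the existing PC, and the PIX outside interface are already taken.
IN_USE = [ipaddress.ip_address(a) for a in ("192.168.1.1", "192.168.1.2", "192.168.1.3")]

STATIC_RE = re.compile(r"static \(inside,\s*outside\) (\S+) (\S+) netmask (\S+)")

def audit(config):
    """Return (code, line) findings for static NAT and access-list lines."""
    findings, mapped_seen = [], []
    for line in (raw.strip() for raw in config.splitlines()):
        m = STATIC_RE.fullmatch(line)
        if m:
            mapped = ipaddress.ip_network(f"{m[1]}/{m[3]}", strict=False)
            real = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            if not real.subnet_of(INSIDE):
                findings.append(("real-not-inside", line))
            if mapped == real:
                # Identity static (option 1): nothing is translated, so the
                # upstream router needs a route back to this range via the PIX.
                findings.append(("needs-upstream-route", line))
            elif not mapped.subnet_of(OUTSIDE):
                findings.append(("mapped-not-on-outside-net", line))
            elif any(addr in mapped for addr in IN_USE):
                findings.append(("mapped-address-in-use", line))
            if any(mapped.overlaps(seen) for seen in mapped_seen):
                findings.append(("duplicate-mapped-address", line))
            mapped_seen.append(mapped)
            continue
        t = line.split()
        if (t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]
                and t[4:5] != ["host"] and t[5:6] != ["255.255.255.255"]):
            # Every protocol and port from more than one source host is allowed.
            findings.append(("all-ip-from-subnet", line))
    return findings

# Lines from the answer's option 1 and option 2, then one constructed collision.
OPTION_1 = """static (inside,outside) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0"""
OPTION_2 = """static (inside,outside) 192.168.1.150 192.168.100.2 netmask 255.255.255.255
static (inside,outside) 192.168.1.151 192.168.100.3 netmask 255.255.255.255
static (inside,outside) 192.168.1.152 192.168.100.4 netmask 255.255.255.255"""
CONSTRUCTED_BAD = "static (inside,outside) 192.168.1.2 192.168.100.5 netmask 255.255.255.255"
```

Calling `audit(OPTION_1)` reports the return-route dependency and the subnet-wide permit, which is the point at which the answer's "depending on what type of traffic" advice applies: the `ip` permit can be narrowed to the specific hosts and protocols that need to cross the PIX.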
 
lewylupo (Author) Commented:
Thanks for your help!  I got it to work using your 1st option.