Solved

Cisco PIX 501: Can I place the outside/inside on the same subnet?

Posted on 2006-11-08
6
297 Views
Last Modified: 2013-11-16
Hello All!

I am a complete routing/firewall/Cisco newbie so please bear with me and forgive my lack of knowledge as you read my question! It's in two parts: the "is this possible" part and the "how do I accomplish it" part.

I have a 192.168.1.X/24 network with a gateway of 192.168.1.1. I want to take 10 computers and restrict their access to the network (only allowing HTTP in and out to the gateway). Is it possible to place these 10 PC's behind the PIX 501 and accomplish this? Difficulty: I must keep the IP and subnet of the 10 PC's the same as the rest of the network.

If so, how would I do this? I have already set the IP of my outside and inside interface, created the HTTP rule and disabled DHCP. Now what do I do? Define static routes or something? I'm in over my head at this point in the config.

Thanks for any help you can offer!

Mike
0
Comment
Question by:jbisordi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 10

Accepted Solution

by:
fm250 earned 500 total points
ID: 17900659
Mike,
So you need to allow them access to any thing  in the network and only HTTP for outside, correct?
this can be done by defining access list for those group of IPs, and you may want to post a link Q in the firewall TA
http://www.experts-exchange.com/Security/Firewalls/ 

0
 
LVL 10

Expert Comment

by:fm250
ID: 17900713
here is an example where it allows only port 80, but rarly some webservers use different ports than 80
http://www.experts-exchange.com/Security/Firewalls/Q_21726934.html
0
 

Author Comment

by:jbisordi
ID: 17900737
fm250,

Basically I want to place 10 PC's behind the firewall, only allowing http in and out, only allowing outbound traffic to the gateway (192.168.1.1), and keeping both the inside and outside IP range and subnet the same...

Mike
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 10

Expert Comment

by:fm250
ID: 17900876
BTW, if you are securing the network as you mention in the other question then you should have all of your PCs inside the network, then define access lists
0
 
LVL 10

Expert Comment

by:fm250
ID: 17900898
did you look to the example above, also your other question should be just a pointer to this one, so you can track the comments.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question