• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 304
  • Last Modified:

Cisco PIX 501: Can I place the outside/inside on the same subnet?

Hello All!

I am a complete routing/firewall/Cisco newbie so please bear with me and forgive my lack of knowledge as you read my question! It's in two parts: the "is this possible" part and the "how do I accomplish it" part.

I have a 192.168.1.X/24 network with a gateway of 192.168.1.1. I want to take 10 computers and restrict their access to the network (only allowing HTTP in and out to the gateway). Is it possible to place these 10 PC's behind the PIX 501 and accomplish this? Difficulty: I must keep the IP and subnet of the 10 PC's the same as the rest of the network.

If so, how would I do this? I have already set the IP of my outside and inside interface, created the HTTP rule and disabled DHCP. Now what do I do? Define static routes or something? I'm in over my head at this point in the config.

Thanks for any help you can offer!

Mike
0
jbisordi
Asked:
jbisordi
  • 4
  • 2
1 Solution
 
fm250Commented:
Mike,
So you need to allow them access to any thing  in the network and only HTTP for outside, correct?
this can be done by defining access list for those group of IPs, and you may want to post a link Q in the firewall TA
http://www.experts-exchange.com/Security/Firewalls/ 

0
 
fm250Commented:
here is an example where it allows only port 80, but rarly some webservers use different ports than 80
http://www.experts-exchange.com/Security/Firewalls/Q_21726934.html
0
 
jbisordiAuthor Commented:
fm250,

Basically I want to place 10 PC's behind the firewall, only allowing http in and out, only allowing outbound traffic to the gateway (192.168.1.1), and keeping both the inside and outside IP range and subnet the same...

Mike
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
fm250Commented:
BTW, if you are securing the network as you mention in the other question then you should have all of your PCs inside the network, then define access lists
0
 
fm250Commented:
did you look to the example above, also your other question should be just a pointer to this one, so you can track the comments.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now