Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco PIX 501: Can I place the outside/inside on the same subnet?

Posted on 2006-11-08
6
Medium Priority
?
298 Views
Last Modified: 2013-11-16
Hello All!

I am a complete routing/firewall/Cisco newbie so please bear with me and forgive my lack of knowledge as you read my question! It's in two parts: the "is this possible" part and the "how do I accomplish it" part.

I have a 192.168.1.X/24 network with a gateway of 192.168.1.1. I want to take 10 computers and restrict their access to the network (only allowing HTTP in and out to the gateway). Is it possible to place these 10 PC's behind the PIX 501 and accomplish this? Difficulty: I must keep the IP and subnet of the 10 PC's the same as the rest of the network.

If so, how would I do this? I have already set the IP of my outside and inside interface, created the HTTP rule and disabled DHCP. Now what do I do? Define static routes or something? I'm in over my head at this point in the config.

Thanks for any help you can offer!

Mike
0
Comment
Question by:jbisordi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 10

Accepted Solution

by:
fm250 earned 2000 total points
ID: 17900659
Mike,
So you need to allow them access to any thing  in the network and only HTTP for outside, correct?
this can be done by defining access list for those group of IPs, and you may want to post a link Q in the firewall TA
http://www.experts-exchange.com/Security/Firewalls/ 

0
 
LVL 10

Expert Comment

by:fm250
ID: 17900713
here is an example where it allows only port 80, but rarly some webservers use different ports than 80
http://www.experts-exchange.com/Security/Firewalls/Q_21726934.html
0
 

Author Comment

by:jbisordi
ID: 17900737
fm250,

Basically I want to place 10 PC's behind the firewall, only allowing http in and out, only allowing outbound traffic to the gateway (192.168.1.1), and keeping both the inside and outside IP range and subnet the same...

Mike
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 10

Expert Comment

by:fm250
ID: 17900876
BTW, if you are securing the network as you mention in the other question then you should have all of your PCs inside the network, then define access lists
0
 
LVL 10

Expert Comment

by:fm250
ID: 17900898
did you look to the example above, also your other question should be just a pointer to this one, so you can track the comments.
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question