Solved

Cisco PIX 501: Can I place the outside/inside on the same subnet?

Posted on 2006-11-08
6
292 Views
Last Modified: 2013-11-16
Hello All!

I am a complete routing/firewall/Cisco newbie so please bear with me and forgive my lack of knowledge as you read my question! It's in two parts: the "is this possible" part and the "how do I accomplish it" part.

I have a 192.168.1.X/24 network with a gateway of 192.168.1.1. I want to take 10 computers and restrict their access to the network (only allowing HTTP in and out to the gateway). Is it possible to place these 10 PC's behind the PIX 501 and accomplish this? Difficulty: I must keep the IP and subnet of the 10 PC's the same as the rest of the network.

If so, how would I do this? I have already set the IP of my outside and inside interface, created the HTTP rule and disabled DHCP. Now what do I do? Define static routes or something? I'm in over my head at this point in the config.

Thanks for any help you can offer!

Mike
0
Comment
Question by:jbisordi
  • 4
  • 2
6 Comments
 
LVL 10

Accepted Solution

by:
fm250 earned 500 total points
ID: 17900659
Mike,
So you need to allow them access to any thing  in the network and only HTTP for outside, correct?
this can be done by defining access list for those group of IPs, and you may want to post a link Q in the firewall TA
http://www.experts-exchange.com/Security/Firewalls/

0
 
LVL 10

Expert Comment

by:fm250
ID: 17900713
here is an example where it allows only port 80, but rarly some webservers use different ports than 80
http://www.experts-exchange.com/Security/Firewalls/Q_21726934.html
0
 

Author Comment

by:jbisordi
ID: 17900737
fm250,

Basically I want to place 10 PC's behind the firewall, only allowing http in and out, only allowing outbound traffic to the gateway (192.168.1.1), and keeping both the inside and outside IP range and subnet the same...

Mike
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:jbisordi
ID: 17900843
0
 
LVL 10

Expert Comment

by:fm250
ID: 17900876
BTW, if you are securing the network as you mention in the other question then you should have all of your PCs inside the network, then define access lists
0
 
LVL 10

Expert Comment

by:fm250
ID: 17900898
did you look to the example above, also your other question should be just a pointer to this one, so you can track the comments.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now