Solved

configuring inside and outside IP address

Posted on 2008-11-12
Last Modified: 2012-06-27
I have a PIX that I am working on.  I have worked with other Cisco products before, but only for updating already configured devices.  This one is from scratch.

I was trying to set the IP addresses for the device and found that you cannot set the IPs for the outside and inside to be the same.

I was looking to have the PIX use the modem as a gateway and then have all my other devices use the PIX as a gateway.  I was going to assign the inside and outside IP address the same to make things easy, but it looks like I will need to assign a different subnet to one of the two?

Any suggestions?  Also if anyone has some links about programming a PIX, it would be great.
Question by:ryan80
6 Comments
 
LVL 14

Expert Comment

by:Kutyi
ID: 22947829
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html

If your ISP provides DHCP then enter the address with the following command:
ip address outside dhcp setroute

Set your internal IP address to a non-routable address like 192.168.1.1 (default for a pix 501)

Hope this helps.  By the way if this is a new unit then CISCO will help you set it up for FREE.
 
LVL 3

Expert Comment

by:H_Harry
ID: 22948358
Are you sure you want the PIX to use the modem as the gateway? What type of modem is it, i.e. a home ADSL router/modem or a commercial type dedicated modem?
Since you want the PIX to use the modem as the gateway I will assume it is a router/modem. If this is the case you just need to set the Outside IP address of the PIX to be on the same subnet as the private IP of the modem, and then set a default route pointing at the modem.
Then on the Inside interface set an IP that is valid for your internal subnet in use and point your clients to this IP as their default gateway. When traffic comes into the PIX, if there is no specific route for it, the PIX will adhere to its default route and send the traffic to the modem/router, which by the looks of your question is what you want.
If your modem is not a router/modem type, then as mentioned by Kutyi ^ set the outside IP to pick up a DHCP IP from the ISP via the modem and just assign the Inside interface's IP as normal and still point your internal hosts to this IP as their Default Gateway - the PIX will do the rest for you.
 
LVL 6

Expert Comment

by:ricks_v
ID: 22955145
This is the most common configuration example for PIX / ASA:

10.0.0.x(LAN) <--->10.0.0.1/24 (inside) PIX (outside) 192.168.1.2 <-----> 192.168.1.1(inside) ADSL x.x.x.x(internet address)

The gateway for clients will be 10.0.0.1, and the gateway for the PIX will be 192.168.1.1.

Another common solution will be:
 10.0.0.x(LAN) <--->10.0.0.1/24 (inside) PIX (outside) dhcp / internet address <-----> ADSL with DMZ mode

The same subnet IP address cannot be assigned to inside and outside, because it will confuse the device about where to pass the 10.x.x.x network, for example.
Also, access will not be able to be configured properly between inside and outside.
Additional info: outside will have the lower security level setting (e.g. 0), inside will have the higher (e.g. 100).



LVL 12

Author Comment

by:ryan80
ID: 22955515
I guess what I really wanted to do is this:

I already have a Sonicwall device that I use as my firewall/router.  I am really just learning Cisco configurations and wanted to use the PIX as a test bed.  I was hoping to have it be inside my network and have both ends be in the same subnet and then do static routing for the IPs that would be on the LAN side of the PIX.  This way I could put one computer behind the PIX firewall to test the firewall.

I guess I could do static routing of another subnet through the PIX and make the computer behind the PIX accessible to the rest of the network.

Does this sound feasible?
 
LVL 6

Accepted Solution

by:
ricks_v earned 2000 total points
ID: 22958164
OK, that's possible.
But we will have to do it differently (as the same IP subnet cannot be assigned on the outside and inside of the PIX).

It's going to be like this:
PIX (outside) 10.0.0.x connects to the Sonicwall device 10.0.0.x
PIX (inside) 192.168.1.1 connects to the test PC (192.168.1.2)

- How to get the PC to talk to the 10.0.0.x network?
By using NAT static (inside,outside) and (outside,inside), and possibly PAT too if required for certain traffic only.
So what happens is, when the PC tries to reach the 10.x.x.x network, it will not have source 192.x.x.x anymore. NAT will change the PC IP to 10.x.x.x and it will be able to have access.

- How to apply an access list?
Apply the access list on the PIX (inside, outside, vice versa): certain 192.x.x.x allow/block certain 10.x.x.x destination or source.

I'm just giving the general idea here; for commands try Google: nat (inside,outside) x.x.x.x bla bla

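The lab layout from the accepted answer, written out in PIX 6.x command syntax. This is an added example, not part of the original thread; the concrete addresses (10.0.0.2 for the PIX outside, 10.0.0.1 for the SonicWall, 10.0.0.50 as the translated address of the test PC), the ACL name and the permitted services are assumptions chosen for illustration.

```cisco
: Added example, PIX 6.x syntax. Lines starting with ":" are comments.
: All addresses, the ACL name and the permitted services are constructed.

: Outside gets the lower security level, inside the higher one.
nameif ethernet0 outside security0
nameif ethernet1 inside security100

: Outside joins the existing LAN (assumed 10.0.0.0/24).
: Inside must be a different subnet; the test PC is 192.168.1.2.
ip address outside 10.0.0.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0

: Default route toward the SonicWall (assumed to be 10.0.0.1).
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1

: One-to-one static NAT: the test PC appears on the LAN as 10.0.0.50.
: The PIX answers ARP for 10.0.0.50, so LAN hosts need no extra route.
static (inside,outside) 10.0.0.50 192.168.1.2 netmask 255.255.255.255

: Traffic from security0 to security100 is dropped unless an ACL on the
: outside interface permits it. Permit only what the test needs, and
: only from the LAN subnet, addressed to the translated IP.
access-list outside_in permit icmp 10.0.0.0 255.255.255.0 host 10.0.0.50 echo
access-list outside_in permit tcp 10.0.0.0 255.255.255.0 host 10.0.0.50 eq 3389

: PIX 6.x does not track ICMP statefully, so replies to pings sent
: by the test PC must be permitted explicitly.
access-list outside_in permit icmp any host 10.0.0.50 echo-reply

: Bind the ACL to inbound traffic on the outside interface.
access-group outside_in in interface outside
```

After loading it, `show xlate` lists the active translation and `show access-list` shows per-entry hit counts, which is a quick way to confirm that only the intended traffic reaches the test PC.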
 
LVL 12

Author Closing Comment

by:ryan80
ID: 31516280
Ok figured that I would have to do something like this.  Thanks for the input.