Solved

Adding a PIX to a network with an ASA already in place.

Posted on 2009-07-06
Last Modified: 2012-05-07
Currently we have DSL with 6 usable static IPs (49-54).  I'm pretty sure that our modem has NAT disabled and our ASA acts as the gateway.  Our DSL Modem/Router gets xxx.215.125.49.  Our ASA takes xxx.215.125.50 with a global set as xxx.215.125.51 and a static route from xxx.215.125.52 to our SBS server 192.168.xxx.10.

What I want to do is set up our old PIX firewall for a Dev environment separate from our office network.  I want to use one (or both if necessary) of the remaining IPs xxx.215.125.53 and 54 for this and connect it straight to the DSL Modem/Router.  I would like the inside network to be 192.168.10.xxx.  I will probably have more than one computer connected to the Dev environment so they would have to share the 53 (and/or 54) IP.

It would look something like this:
                                   
                                   |-------  ASA ------- Switch -------- Office network
DSL Modem/Router ---|
                                   |------- PIX ------- Switch -------- Dev network

Can someone please help me configure the PIX for this.  Please include the PIX commands too.   Thanks!
Question by:jhulsey

Expert Comment

by:debuggerau
ID: 24791161
Are you configuring a new one, or does it have an existing config in it?
Have you console or telnet access?
Is it currently connected to said networks?
What is the PIX model, and what version is it running?
Commands will be dependent..

Have you tried the web configuration wizard that comes with the PIX?

Seems quite straightforward, just define the ethernet ports (outside and inside)
Then the security levels (0 and 100 respectively)
a nat command like:
nat (inside) 1 0.0.0.0 0.0.0.0 dns

and finally an access-list.
i.e.
access-list inside_access_in extended permit tcp any any


Author Comment

by:jhulsey
ID: 24793040
It's a PIX 506e running 6.3(3).   I am connecting via HyperTerminal and the console serial cable.  Yes, it is connected to the said network now.  It already has access-list set up for xxx.215.125.53 address, so yes, it has an existing configuration that I've effectively butchered trying to modify for this task.

Here are some of the current settings:
Routes:
outside 0.0.0.0 0.0.0.0 68.215.125.49 1 OTHER Static
outside xxx.215.125.48 255.255.255.248 xxx.215.125.53 1 Connect Static
inside 192.168.0.0 255.255.255.0 192.168.0.1 1 Connect Static

IP inside:   192.168.10.1
IP outside: xxx.215.125.53

NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

Static: (inside,outside) xxx.215.125.53 192.168.10.10 netmask 255.255.255.255 0 0

Some of these are from the original configuration and anything with the .53 is what I have changed.  It used to be configured with a global (outside) 1 xxx.215.125.51, but I removed that to try and use nat with a single IP.

Thanks for your help, I hope this helps.

Accepted Solution

by:debuggerau
ID: 24799447
And what is it doing now?
Got access yet, or would you like me to look at the config?

I suggest trying a 'show tech' to get the config out without the password etc.
Then it's just a matter of xx'ing your public IP, although I mask mine with the router firstly..

command reference here:
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/mr.html#wp1032129

Author Closing Comment

by:jhulsey
ID: 31600454
Sorry for the delay... Thanks for your help!
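
The layout asked for in this thread, written out as PIX 6.3 configuration-mode commands with the Dev hosts sharing the outside interface address through PAT. This is an added example, not a configuration posted by anyone in the thread; the addresses come from the posts (with their "xxx" masking left in place), and the 255.255.255.0 inside mask is an assumption.

```cisco
: Added example for a PIX 506E on software 6.3, entered in configuration mode.
: "xxx" is the thread's own masking of the first octet; substitute the real
: value before entering any line that contains it.
: Assumption: the Dev network is 192.168.10.0/24 (the thread says 192.168.10.xxx).

: Interfaces and security levels (outside = 0, inside = 100)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto

: Outside takes .53 from the 255.255.255.248 block; inside is the Dev gateway
ip address outside xxx.215.125.53 255.255.255.248
ip address inside 192.168.10.1 255.255.255.0

: Default route points at the DSL modem/router
route outside 0.0.0.0 0.0.0.0 xxx.215.125.49 1

: Remove the one-to-one static so .53 is free to be shared by all Dev hosts
no static (inside,outside) xxx.215.125.53 192.168.10.10 netmask 255.255.255.255 0 0

: PAT: inside hosts (nat id 1, as already posted) are translated to the
: outside interface address
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

: No access-list is bound to the outside interface and no static remains, so
: connections initiated from the Internet toward the Dev network are dropped.

: Flush stale translations, save, then check the result
clear xlate
write memory
show nat
show global
show xlate
show route
```

With this in place the Dev network has no path to the office network except out through the modem and back in through whatever the ASA publishes, which keeps the two environments separate.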