Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 316
  • Last Modified:

Adding a PIX to a network with an ASA already in place.

Currently we have DSL with 6 usable static IP's (49-54).  I'm pretty sure that our Modem has NAT disabled and Our ASA acts as the gateway.  Our DSL Modem/Router gets xxx.215.125.49.  Our ASA Takes xxx.215.125.50 with a global set as xxx.215.125.51 and a static route from xxx.215.125.52 to our SBS server 192.168.xxx.10.

What I want to do is set up our old PIX firewall for a Dev environment separate from our office network.  I want to use one (or both if necessary) of the remaining IPs xxx.215.125.53 and 54 for this and connect it straight to the DSL Modem/Router.  I would like the inside network to be 192.168.10.xxx.  I will probably have more than one computer connected to the Dev environment so they would have to share the 53 (and/or 54) IP.

It would look something like this:
                                   
                                   |-------  ASA ------- Switch -------- Office network
DSL Modem/Router ---|
                                   |------- PIX ------- Switch -------- Dev network

Can someone please help me configure the PIX for this.  Please include the PIX commands too.   Thanks!
0
jhulsey
Asked:
jhulsey
  • 2
  • 2
1 Solution
 
debuggerauCommented:
are you configuring a new one? or does it have an existing config in it?
Have you console or telnet access?
Is it currently connected to said networks?
What is the PIX model what version is it running?
Commands will be dependent..

Have you tried the web configuration wizard that comes with the pix?

Seems quite straigtforward, just define the ethernet ports (outside and inside)
Then the security levels (0 and 100 respectfully)
a nat command like:
nat (inside) 1 0.0.0.0 0.0.0.0 dns

and finally an access-list.
ie.
access-list inside_access_in extended allow tcp any any

0
 
jhulseyAuthor Commented:
It's a PIX 506e running 6.3(3).   I am connecting via hiper terminal and the console serial cable.  Yes, it is connected to the said network now.  It already has access-list set up for xxx.215.125.53 address, so yes, it has an existing configuration that I've effectively butchered trying to modify for this task.

Here are some of the current settings:
Routes:
outside 0.0.0.0 0.0.0.0 68.215.125.49 1 OTHER Static
outside xxx.215.125.48 255.255.255.248 xxx.215.125.53 1 Connect Static
inside 192.168.0.0 255.255.255.0 192.168.0.1 1 Connect Static

IP inside:   192.168.10.1
IP outside: xxx.215.125.53

NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

Static: (inside,outside) xxx.215.125.53 192.168.10.10 netmask 255.255.255.255 0 0

Some of these are from the original configuration and anything with the .53 is what I have changed.  It used to be configured with a global (outside) 1 xxx.215.125.51, but I removed that to try and use nat with a single IP.

Thanks for your help, I hope this helps.
0
 
debuggerauCommented:
and what is it doing now?
Got access yet, or would you like me to look at the config.

I suggest trying a 'show tech' to get the config out without the password etc.
Then it just a matter of xx'ing your public IP, although I mask mine with the router firstly..

command reference here:
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/mr.html#wp1032129
0
 
jhulseyAuthor Commented:
Sorry for the delay... Thanks for your help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now