In article , DP wrote: :I have just been given a PIX 501 to configure and have very little :knowledge of CISCO routers.
formatting link
is the Cisco PIX Firewall and VPN Configuration Guide, Version 6.3
:My configuration sounds simple, I do not want DHCP and I do not think I :have any VPN requirements at moment.
:I want the inside IP addresses to be the same as the outside
I notice you say "addresses". Is it correct that you have multiple public IP addresses, and that none of the "inside" IP addresses need to be the same as the PIX's IP address?
:and I want :to be able to specifically enable ports when required and on an :individual or group basis, i.e. everyone needs SMTP, POP and WEB, some :need to use NetMeeting, SSH etc.
Is that for incoming or outgoing?
:I also need to know how to allow access to a single IP address from :outside.
That would tend to imply that the paragraph above was with respect to outgoing, but tis better to ask and be sure.
Your requirement to user inside IP addresses that are the same as the outside could be troublesome. The PIX will not allow you to put the inside and outside interfaces into the same subnet. To solve this, you have two choices:
a) use an IP address in a different range for your PIX outside interface IP and you or your ISP must route the internal public IP subnet to that outside subnet; or
b) use an inside interface IP address in a private IP range, and have an inside router in that range, and set up individual host routes for each inside IP, directing it to the inside router. The inside router then has an interface in that range (as well as the private range) and so redistributes the traffic. For example,
ip address outside 123.45.67.1 netmask 255.255.255.248 ip address inside 192.168.67.1 netmask 255.255.255.0 route inside 123.45.67.2 255.255.255.255 192.168.67.2 route inside 123.45.67.3 255.255.255.255 192.168.67.2 route inside 123.45.67.4 255.255.255.255 192.168.67.2 route inside 123.45.67.5 255.255.255.255 192.168.67.2 route inside 123.45.67.6 255.255.255.255 192.168.67.2
For the other answers... please review the configuration guide.