PIX PDM newbie

Hi,

We are upgrading our FW (Nokia IP530) to a Cisco PIX 515 with graphical PDM (3.0). Since I don't have any experience with Cisco firewalls, I'd like to ask a couple of questions.

In Nokia IP530 if we wanted to permit IP traffic i.e from external (outside) host 10.20.30.40 to an internal (inside) host 10.30.40.50 all we had to do was make one rule permitting traffic from inside to outside and another rule to permit traffic from outside to inside.

Now with this PIX it seems that the configuration is not that simple...it seems like we have to define NAT also. Is it possible to permit the traffic without using NAT?

If NAT must be used how do we have to configure the PIX?

Thanks in advance

-Sami R

Reply to
Sami

You must have either NAT or a static command configured. If you are using public IPs behind the firewall, then you can use a static command instead of NAT. I.e.:

static (inside,outside) 10.30.40.0 10.30.40.0 netmask 255.255.255.0 0 0

That will allow traffic to flow from the inside out. After that, you will configure the PIX to accept traffic from the external host as you described.

Reply to
Brian
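The two steps from the reply above put together, as an added example that is not part of the original posts: the network static from the thread, followed by an inbound access list that admits only the one external host to the one internal host. The ACL name `acl_outside_in` and the TCP/443 service in the narrower alternative are assumptions for illustration; lines starting with a colon are comments.

```cisco
: Identity ("network") static from the thread: inside hosts in 10.30.40.0/24
: appear on the outside with their own addresses. The trailing "0 0" leaves
: the maximum-connection and embryonic-connection limits unlimited.
static (inside,outside) 10.30.40.0 10.30.40.0 netmask 255.255.255.0 0 0

: The static only provides the translation. Outside-to-inside traffic is
: still dropped until an access list bound to the outside interface permits it.
: Permit only the external host from the question to the single inside host.
access-list acl_outside_in permit ip host 10.20.30.40 host 10.30.40.50

: Narrower alternative (assumed service, replace with the real one):
: permit a single TCP port instead of all IP between the two hosts.
: access-list acl_outside_in permit tcp host 10.20.30.40 host 10.30.40.50 eq 443

: Bind the list to inbound traffic on the outside interface. Anything the
: list does not match is denied by the implicit deny at its end.
access-group acl_outside_in in interface outside
```

Because the static covers the whole /24, the access list is the only thing limiting which inside hosts are reachable from outside, so keep its entries host- and service-specific.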

Is there any global command to make all the external addresses static without having to enter the static (inside,outside)... to every external host?

Is this "static" = static NAT?

-Sami

Reply to
Sami

The command Brian posted will make all inside hosts appear on the outside with their own addresses:

static (inside,outside) 10.30.40.0 10.30.40.0 netmask 255.255.255.0 0 0

This is called a network static.

/TC

"Sami" wrote in message news:FG_ie.2377$ snipped-for-privacy@news2.nokia.com...

Reply to
TC

correct

Reply to
Gerd EMail

Ok, thanks to everyone...now if I manage to do this in GUI...

-Sami

Reply to
Sami
