Ping between 3 nets through pix
18 years 11 months ago #11656
by bird
Ping between 3 nets through pix was created by bird
Hi guys,
I'm a newbie in PIX fw. I would like to set up ping between all hosts through pix.
I have configured 3 interfaces on pix. None of them is connected to the internet.
I've read about nat/static issues, but I don't know if it's suitable for my case, because I haven't any global addresses from ISP provider.
3 nets:
10.12.187.0/24 sec.level 20, gw 10.12.187.250
10.7.190.0/24 sec.level 1 gw 10.7.190.11
10.12.139.0/24 sec. level 5 gw 10.12.139.250
and I want ping from 10.12.187.1 <-> 10.7.190.1
10.12.139.1 <-> 10.12.187.1
10.12.139.253 <-> 10.7.190.1
I use pix515e, ver 6.3(4)
I would like to know if this configuration is possible at all. I know that this would be a task for e.g. a router, but my customer has bought a PIX.
Many thanks for each advice
Regards
bird
18 years 11 months ago #11789
by harrybaba
Replied by harrybaba on topic Re: Ping between 3 nets through pix
Lots of considerations will have to be taken into account.
Not sure if PIX is the right device for the kind of application you described. If there is no security concern then having PIX will only give you more trouble. While communication has to be restricted then yes, PIX is the right device. Anyway, have a look at this link and it will give you more ideas:
www.cisco.com/en/US/products/hw/vpndevc/...186a0080094e8a.shtml
Remember this golden rule:
If packet needs to go out from inside to outside, NAT/Global has to be used.
If a packet has to be permitted from outside to inside,
1) The outside IP to which that packet is destined has to be mapped to an inside address using "static".
2) That particular protocol/port has to be opened. (ICMP in your case)
NOTE: If an inside address is mapped to an outside address using the static command, then if the packet originates from the same inside source, the outside IP will be the one used in the static command and NOT the one from the global pool.
Hope this helps !!
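The rule from the reply above, applied to the three nets and ping pairs in the question, as an added example that is not part of the original thread: the script derives which host needs a static and which ICMP permits each interface needs, and prints PIX 6.3-style commands. The interface names (net187, net190, net139), the ACL names and the use of identity statics (each address mapped to itself, since there are no separate global addresses) are assumptions.

```python
import ipaddress

# Nets and security levels are from the question; interface names are hypothetical.
INTERFACES = {
    "net187": ("10.12.187.0/24", 20),
    "net190": ("10.7.190.0/24", 1),
    "net139": ("10.12.139.0/24", 5),
}
# Host pairs that must ping each other (from the question).
PAIRS = [("10.12.187.1", "10.7.190.1"),
         ("10.12.139.1", "10.12.187.1"),
         ("10.12.139.253", "10.7.190.1")]

def iface_of(host):
    """Return (name, security level) of the interface whose net contains host."""
    for name, (net, level) in INTERFACES.items():
        if ipaddress.ip_address(host) in ipaddress.ip_network(net):
            return name, level
    raise ValueError(f"{host} is not behind any configured interface")

def plan(pairs):
    """Return (statics, acl_lines, access_groups) as PIX 6.3-style commands."""
    statics, filtered = [], []
    for a, b in pairs:
        (a_if, a_lvl), (b_if, b_lvl) = iface_of(a), iface_of(b)
        if a_lvl == b_lvl:
            raise ValueError(f"{a} and {b}: the rule needs a higher and a lower side")
        hi, hi_if, lo_if = (a, a_if, b_if) if a_lvl > b_lvl else (b, b_if, a_if)
        # Identity static (assumption: no separate global addresses exist):
        # the higher-security host is reachable at its own address.
        cmd = f"static ({hi_if},{lo_if}) {hi} {hi} netmask 255.255.255.255"
        if cmd not in statics:
            statics.append(cmd)
        if lo_if not in filtered:
            filtered.append(lo_if)  # this interface gets an inbound ACL
    acl = []
    for a, b in pairs:
        for src, dst in ((a, b), (b, a)):
            src_if = iface_of(src)[0]
            # An applied ACL ends in an implicit deny, so a filtered interface
            # must also permit the pings its own hosts send to lower levels.
            # 6.3 does not track ICMP state: replies need their own permit.
            if src_if in filtered:
                for icmp_type in ("echo", "echo-reply"):
                    acl.append(f"access-list from_{src_if} permit icmp "
                               f"host {src} host {dst} {icmp_type}")
    groups = [f"access-group from_{i} in interface {i}" for i in filtered]
    return statics, acl, groups

if __name__ == "__main__":
    for section in plan(PAIRS):
        print("\n".join(section))
```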