Connecting Cisco PIX 515E to cisco router

18 years 9 months ago #12763 by Wimpsy
I am trying to connect a cisco 515e pix firewall to a router. The connection is such that the inside interface of the pix connects to the switch on the lan and the outside interface connects to the router pointing to the ISP.
The inside hosts all have a class C private address and PAT is being applied to translate the addresses to a public address. The outside interface of the pix and the router ethernet interface are on a class A private address subnet. The router serial interface has been assigned the public address being used for PAT.
Hosts on the LAN can ping the inside interface of the pix but not the outside interface of the pix. Kindly assist.
18 years 9 months ago #12807 by bimmer
From CISCO site: Inbound ICMP through the PIX is denied by default. Outbound ICMP is permitted, but the incoming reply is denied by default.

More here:

www.firewall.cx/ftopict-2075.html

I don't know why you'll need to ping the outside interface from the protected side but I think this is how it is supposed to be. I tried it on my 515 and it is doing the same thing. Other than that everything is normal. However, pinging the outside (ISP) interface of your router will work.
18 years 9 months ago #12820 by Wimpsy
The ping to the outside interface of the pix was being done to test connectivity. The problem is that without the pix firewall the hosts on the LAN are able to access the internet; the moment the pix is connected, hosts cannot access the internet. What step am I missing? Kindly assist.
18 years 9 months ago #12884 by ramasamy

I am trying to connect a cisco 515e pix firewall to a router. The connection is such that the inside interface of the pix connects to the switch on the lan and the outside interface connects to the router pointing to the ISP.
The inside hosts all have a class C private address and PAT is being applied to translate the addresses to a public address. The outside interface of the pix and the router ethernet interface are on a class A private address subnet. The router serial interface has been assigned the public address being used for PAT.
Hosts on the LAN can ping the inside interface of the pix but not the outside interface of the pix. Kindly assist.


Hi,

You cannot ping the outside interface of the firewall from the inside network, or the inside interface of the firewall from the outside network. It is disabled by default because the PIX is a security device, and you cannot enable it by applying an access control list or by doing anything else. You cannot even Telnet or SSH to the outside interface from the inside network, and vice versa.
18 years 9 months ago #12885 by ramasamy

The ping to the outside interface of the pix was being done to test connectivity. The problem is that without the pix firewall the hosts on the LAN are able to access the internet; the moment the pix is connected, hosts cannot access the internet. What step am I missing? Kindly assist.


Hi,

Regarding this, check the routes in your router and in the PIX. The router should have a route to your LAN, the directly connected network, and a default route to the ISP router, and in the PIX you should have the inside and outside directly connected networks and a default route to pix inside interface.
18 years 9 months ago #12930 by Wimpsy
Thanks for all the replies to my query. The problem has been fixed. Hosts are able to connect to the internet now. I applied the clear arp command on the router and the clear xlate command on the pix. Thanks for the insight on the ping issue.