Allow Internal machine to surf through Router via Pix

Hello,

1. My router (207.x.x.50) is setup to allow only addresses within a range to surf through it:

207.x.x.(51-55)

If I configure a computer with one of these ips(e.g 207.x.x.52), Netmask of 255.255.255.248 Gateway 207.x.x.50 and connect the computer to the router via a crossover cable I can surf ok.

2. I connected a Pix 501 (assigned it IP 207.x.x.51) to the router to protect my computers. The default configuration for the Pix should allow me to access the Internet from these computers, but I can't. Knowing that only certain IPs are supported by the router, when I configured the Pix using PDM I selected the option to not use NAT/PAT, but instead pass the IP address for the computer straight to the router. However still can't surf.

I suspect the issue may be that the Pix is seeing an IP address of 207.x.x.52 on the inside interface, where it expects one like 192.168.1.3 And I can't use an IP in this format since the router doesn't support it. Plus these are going to be DNS servers which are accessible outside my network, so I don't want the Pix to hide the addresses.

If so would the following address my issue:

static (inside,outside) 207.x.x.51 192.168.1.3 255.255.255.248 255.255.255.0

Any other suggestions?

Hello,

Also note that in the "NAT and PAT" portion of the configuration wizard I had selected "Do not translate any addresses"

However, if I select PAT (Use IP address on outside interface) then the computer can surf.


So my question is: How do I allow my DNS/Web server to be accessible via its external IP while using the Pix?

Why would you want your servers to have an outside address? Have you considered setting up a 1 to 1 NAT with the outside address translating to the internal address of your web server(DMZ)? You could also create a policy based NAT that will forward certain services to different internal address from one external address.