Scenario Solution

Cisco PIX Firewalls must have NAT enabled for any nonregistered IP address space, such as the addresses listed in RFC 1918. In particular, the Class A network 10.0.0.0/8 is not routable on the Internet, so you must use NAT to permit access; the alternative is to re-address your entire network, which clearly is not an exercise you will do often. Even if you re-addressed your entire network, you would still need to configure nat, nat 0, nat 0 acl, or statics on the firewall to permit IP traffic.

The following command will configure the PIX Firewall for NAT on the inside addresses:

Before you can access the Internet, you must also configure the PIX Firewall for routing. Remember that the PIX Firewall is not as intelligent as a router until version 6.3, where OSPF is supported. RIP can be configured by the network administrator, and you must route IP data with the command shown here:

This command installs a default route to which IP datagrams will be sent, typically the perimeter router or ISP router.
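A minimal PIX 6.x configuration covering both steps, given here as an added example and not as the commands from the original text. The NAT ID, the use of PAT on the outside interface, and the next-hop address 192.0.2.1 are assumptions; lines beginning with a colon are annotations for the reader.

```cisco
: Constructed example; 192.0.2.0/24 is documentation address space, substitute your own
: Translate every inside host in 10.0.0.0/8, grouped under NAT ID 1
nat (inside) 1 10.0.0.0 255.0.0.0
: Map NAT ID 1 to the outside interface address (PAT), assumed instead of a global pool
global (outside) 1 interface
: Default route toward the perimeter or ISP router (assumed next hop, metric 1)
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
: Confirm that translations are being built and the default route is installed
show xlate
show route
```

An empty `show xlate` after inside hosts have sent traffic usually means the `nat` and `global` statements do not share the same NAT ID.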
