Scenario 71 Solution

Cisco PIX Firewalls need to NAT any nonregistered IP address space. In particular, the Class A 10.0.0.0/8 is not routable in the Internet, so you must use NAT to permit access, or you could re-address your entire network, which clearly is not an exercise you will do often.

The following command will NAT all inside addresses:

Before you can access the Internet, you must also tell the PIX (remember the PIX is not as intelligent as a router; RIP can be configured by the network administrator), and you must route IP data with the command shown here:

route outside 0.0.0.0 0.0.0.0 <default-gateway>

This command installs a default route where IP datagrams will be sent, typically, the perimeter router or ISP router.

0 0

Post a comment