Network Security Firewalls

RE: PIX Setup with PAT

Subject: RE: PIX Setup with PAT
Date: Wed, 15 Sep 2004 08:17:54 -0500
The way I understand the problem is there is only 1 useable public IP...if you 
remove that IP from the ethernet interface of the router by using IP unnumbered 
and use it on the outside interface of the PIX instead, you would then use the 
serial interface IP of the router as your default route for the PIX.

-----Original Message-----
From: Andrew Shore [mailto:andrew.shore@holistecs.com]
Sent: Wednesday, September 15, 2004 3:00 AM
To: Jim Richards; Anand Srivastava; firewalls@securityfocus.com
Subject: RE: PIX Setup with PAT


The PIX has no serial interface, the serial interface is on the ISP
router which also has an Ethernet interface.

There is an Ethernet network between the router and PIX which is
unnumbered?

How can the PIX route to a gateway on a network it has no network on?

You can only set a route to an interface for point to point links which
Ethernet (by definition) can not be.

Therefore, I don't understand how this can work.

-----Original Message-----
From: Jim Richards [mailto:jrichards@meandaur.com] 
Sent: 14 September 2004 14:06
To: Andrew Shore; Anand Srivastava; firewalls@securityfocus.com
Subject: RE: PIX Setup with PAT

You don't need an IP address for the ethernet interface - you point the
default gateway of the pix to the IP of the serial interface.

-----Original Message-----
From: Andrew Shore [mailto:andrew.shore@holistecs.com]
Sent: Tuesday, September 14, 2004 3:24 AM
To: Jim Richards; Anand Srivastava; firewalls@securityfocus.com
Subject: RE: PIX Setup with PAT


This depends greatly on whether the IP supports IP unnumbered! Plus you
then need an address on the Ethernet interface of the router to talk to
the firewall interface.

-----Original Message-----
From: Jim Richards [mailto:jrichards@meandaur.com] 
Sent: 11 September 2004 02:53
To: Anand Srivastava; firewalls@securityfocus.com
Subject: RE: PIX Setup with PAT

Your best bet would be to use ip unnumbered on the router ethernet
interface and put that public IP on the outside interface of the
firewall.  You can do this by entering the interface configuration and
using this command:
 
ip unnumbered serial0 (or whatever your wan interface is)

        -----Original Message----- 
        From: Anand Srivastava [mailto:anand.srivastava@global.com.pg] 
        Sent: Fri 9/10/2004 1:23 AM 
        To: firewalls@securityfocus.com 
        Cc: 
        Subject: PIX Setup with PAT
        
        

        Hi List,
        
        I have got a new PIX 515E and that needs to be set up in the following way (pretty straightforward):
        
         Internet ------- Router ------ PIX ------ LAN
                                                   |
                                                 DMZ
        
         The problem is that we have only one Public IP assigned to the router and we are using address translation for the clients on the inside network.
         Is it worth running the PIX (outside address) on a private addressing scheme?
        Can someone give me an idea how to do that in the best possible way?
        
        
        
        regards
        Anand
        
        
        
        
        
        
        









