
RE: PIX Setup with PAT

Subject: RE: PIX Setup with PAT
Date: Wed, 15 Sep 2004 14:59:18 +0100
I still maintain that the easiest way to do this is to overload the
external address and map individual ports through.

This works perfectly for a number of our customers and it gives us
secure access to the firewall (via ssh) over the internet to manage the
box.

-----Original Message-----
From: Jim Richards [mailto:jrichards@meandaur.com] 
Sent: 15 September 2004 14:18
To: Andrew Shore; Anand Srivastava; firewalls@securityfocus.com
Subject: RE: PIX Setup with PAT

The way I understand the problem is there is only 1 useable public
IP...if you remove that IP from the ethernet interface of the router by
using IP unnumbered and use it on the outside interface of the PIX
instead, you would then use the serial interface IP of the router as
your default route for the PIX.

-----Original Message-----
From: Andrew Shore [mailto:andrew.shore@holistecs.com]
Sent: Wednesday, September 15, 2004 3:00 AM
To: Jim Richards; Anand Srivastava; firewalls@securityfocus.com
Subject: RE: PIX Setup with PAT


The PIX has no serial interface, the serial interface is on the ISP
router which also has an Ethernet interface.

There is an Ethernet network between the router and PIX which is
unnumbered?

How can the PIX route to a gateway on a network it has no network on?

You can only set a route to an interface for point to point links which
Ethernet (by definition) can not be.

Therefore, I don't understand how this can work.

-----Original Message-----
From: Jim Richards [mailto:jrichards@meandaur.com] 
Sent: 14 September 2004 14:06
To: Andrew Shore; Anand Srivastava; firewalls@securityfocus.com
Subject: RE: PIX Setup with PAT

You don't need an IP address for the ethernet interface - you point the
default gateway of the pix to the IP of the serial interface.

-----Original Message-----
From: Andrew Shore [mailto:andrew.shore@holistecs.com]
Sent: Tuesday, September 14, 2004 3:24 AM
To: Jim Richards; Anand Srivastava; firewalls@securityfocus.com
Subject: RE: PIX Setup with PAT


This depends greatly on whether the IP supports IP unnumbered! Plus you
then need an address on the Ethernet interface of the router to talk to
the firewall interface.

-----Original Message-----
From: Jim Richards [mailto:jrichards@meandaur.com] 
Sent: 11 September 2004 02:53
To: Anand Srivastava; firewalls@securityfocus.com
Subject: RE: PIX Setup with PAT

Your best bet would be to use ip unnumbered on the router ethernet
interface and put that public IP on the outside interface of the
firewall.  You can do this by entering the interface configuration and
using this command:
 
ip unnumbered serial0 (or whatever your wan interface is)

        -----Original Message----- 
        From: Anand Srivastava [mailto:anand.srivastava@global.com.pg] 
        Sent: Fri 9/10/2004 1:23 AM 
        To: firewalls@securityfocus.com 
        Cc: 
        Subject: PIX Setup with PAT
        
        

        Hi List,
        
        I have got a new PIX 515E and that needs to be set up in the
following way (pretty straightforward):
        
         Internet ------- Router ------ PIX ------ LAN
                                                   |
                                                 DMZ
        
         The problem is that we have only one Public IP assigned to
router and we are using address translation for the clients on inside
network.
         Is it worth running the PIX (outside address) on a private
addressing scheme?
        Can someone give me an idea how to do that in the best possible
way..?
        
        
        
        regards
        Anand
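
The "overload the external address and map individual ports through" approach from the top reply, sketched as an added configuration example that is not taken from any poster's equipment. All addresses are constructed (203.0.113.0/30 for the WAN link, 192.168.254.0/30 for the router-to-PIX Ethernet, 198.51.100.10 as the management station), the interface names are assumed, and the PIX commands assume 6.x syntax.

```text
! ---- ISP router (IOS): keeps the single public IP on the WAN side ----
interface Serial0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface Ethernet0
 ! private transit network shared with the PIX outside interface
 ip address 192.168.254.1 255.255.255.252
 ip nat inside
!
! only the PIX outside address needs translating, because the PIX
! already PATs the LAN behind that address
access-list 10 permit host 192.168.254.2
ip nat inside source list 10 interface Serial0 overload
!
! map one individual port through: public IP tcp/22 -> PIX outside tcp/22
ip nat inside source static tcp 192.168.254.2 22 interface Serial0 22
!
ip route 0.0.0.0 0.0.0.0 Serial0

: ---- PIX 515E (6.x): outside interface on the private transit network ----
ip address outside 192.168.254.2 255.255.255.252
route outside 0.0.0.0 0.0.0.0 192.168.254.1 1
:
: PAT all inside clients to the PIX outside interface address
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
:
: accept ssh on the outside interface from the management station only
: (assumed source address; the PIX needs an RSA key pair before ssh works)
ssh 198.51.100.10 255.255.255.255 outside
ssh timeout 5
```

Traffic is translated twice in this layout (once on the PIX, once on the router), so any DMZ service published to the Internet needs a matching port mapping on both devices.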
        
        
        
        
        
        
        











