
Section 4.0: PIX Configuration

4.1: Basic PIX Configuration

  1. As stated earlier, do not configure a default route on the PIX. It should learn the default route from R3 via RIP. Make sure you are able to ping all parts of the network, including the hosts behind the PIX.

4.2: Network Address Translation (NAT)

  1. Configure a static NAT on PIX for the syslog server behind PIX.

  2. Configure the outside access list to open TCP port 1468 for the TCP-based reliable syslog server:

    static (inside,outside) 10.50.31.65 192.168.6.65 netmask 255.255.255.255 0 0
    access-list outside permit tcp any host 10.50.31.65 eq 1468 (hitcnt=0)
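
The outside access list above permits traffic to the translated (global) address 10.50.31.65, not to the server's real address 192.168.6.65. The following check is an added example, not part of the original chapter: it audits a configuration for that pairing, assuming the static and access-list syntax shown on this page. The function name and the third, deliberately wrong access-list line are constructed for illustration.

```python
import re

# Constructed sample: the two lines from section 4.2 plus one deliberately
# wrong entry that points at the server's real (inside) address.
SAMPLE_CONFIG = """\
static (inside,outside) 10.50.31.65 192.168.6.65 netmask 255.255.255.255 0 0
access-list outside permit tcp any host 10.50.31.65 eq 1468
access-list outside permit tcp any host 192.168.6.65 eq 1468
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# static (real_if,mapped_if) <global_ip> <local_ip> netmask 255.255.255.255 ...
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) " + IP + " " + IP + r" netmask 255\.255\.255\.255")
# Host entries with a numeric port only; a trailing "(hitcnt=N)" is ignored.
ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any host " + IP + r" eq (\d+)")


def audit_static_acl(config, acl_name="outside"):
    """Classify each host entry of acl_name against the host statics.

    Returns a list of (verdict, ip, port) where verdict is:
      "ok"                - destination is the global address of a static
      "uses-real-address" - destination is a static's local (real) address
      "no-static"         - no host static covers the destination
    """
    lines = [line.strip() for line in config.splitlines()]
    global_to_local = {}
    for line in lines:
        m = STATIC_RE.match(line)
        if m:
            global_to_local[m.group(3)] = m.group(4)
    real_addresses = set(global_to_local.values())

    findings = []
    for line in lines:
        m = ACL_RE.match(line)
        if not m or m.group(1) != acl_name:
            continue
        ip, port = m.group(3), int(m.group(4))
        if ip in global_to_local:
            verdict = "ok"
        elif ip in real_addresses:
            verdict = "uses-real-address"
        else:
            verdict = "no-static"
        findings.append((verdict, ip, port))
    return findings
```

The check covers only host statics and host access-list entries with numeric ports; it does not confirm that the access list is bound to the outside interface.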

4.3: Advanced Configuration

  1. The problem is that the PIX is replying to ARP requests for the server mentioned. This could be due to a global or alias configured for the same IP address. The fix is to turn off proxy ARP for this interface: sysopt noproxyarp inside stops the PIX from answering ARP requests that arrive on the inside interface.
