Cisco PIX : How to allow HQ via ISP Network going thru your LAN (branch) network.

The HQ is connected to the PIX site through the ISPs network. The HQ network should be 10.22.x.x/yy. On the basis of your above PIX configuration this should be located behind the "outside" interface of the PIX.
For your HQ coming from subnet 10.22.x.x/yy to subnet 10.45.x.0/19 you would have to configure NAT0 between these networks.

Essentially the configuration would look something like this

access-list INSIDE-NAT0 remark NAT0/NONAT for Branch to HQ traffic
access-list INSIDE-NAT0 permit ip 10.45.x.0 255.255.224.0 10.22.x.x y.y.y.y

nat (inside) 0 access-list INSIDE-NAT0

This should essentially enable hosts from 10.22.x.x/yy subnet to connect directly to subnet 10.45.x.0/19 on their original IP addresses.


* If the other Branch network needs the same type of rule then you would simply add another line to the ACL/access-list we created BUT you would use the other Branch network as the source.

access-list INSIDE-NAT0 permit ip 10.36.0.0 255.255.0.0 10.22.x.x y.y.y.y

 I got this solution from Cisco Support Community

Comments

Post a Comment

Popular posts from this blog

CiscoWorks Tomcat Servlet Engine service does not start , Windows Version

Problem :- My Tomcat Servlet Engine Services unable to Start due to my previous regdaemon.xml  was empty and i dont why. Solution:- What I do, is I look for a filename  " regdaemon " As for me it located at C:\Program Files\CSCOpx\MDC\etc I copy paste the old script of regdaemon.xml.bak and put inside regdaemon.xml and save. After that I try to restart the CiscoWorks Tomcat Servlet Engine services and it works..! Reference : - CiscoWorks Tomcat Servlet Engine service does not start
Read more

CCTV NetSurveillance Active X Control-Solution

1. Download and install dvrcenter.com/ocx/Active.exe 2. Goto C:\Windows and create directory 'NetSurveillance' 3. Download NetSurveillance.zip from the following link and extract contents to C:\Windows\NetSurveillance ( NetSurveillance.zip ) 4. Run 'install.bat' with administrator priviledges 5. Navigate to the IP or Dyndns name to remote access your DVR 6. Allow access to run Active X Controls 7. Log in to your DVR!! NB: Active X controls may need to changed via Internet Explorer to allow IE to prompt you. SImply change the appropriate active X settings in IE ->Internet Option->Security->Custom Level to either enable or prompt. Credit to kryptic00
Read more

Social Engineer Toolkit (SET) Intergration with Metasploit 4.4.0

Download your copy of SET at below link. svn co http://svn.trustedsec.com/social_engineering_toolkit set/ Computer Based Social Engineering Tools: Social Engineer Toolkit (SET) The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test. 1 Beginning with the Social Engineer Toolkit 2 SET’s Menu 3 Attack Vectors 3.1 Spear-Phishing Attack Vector 3.2 Java Applet Attack Vector 3.3 Metasploit Browser Exploit Method 3.4 Credential Harvester Attack Method 3.5 Tabnabbing Attac...
Read more