Scenario 7-1 Solution

A1: Cisco PIX Firewalls need to NAT any nonregistered IP address space. In particular, the Class A network 10.0.0.0/8 is not routable on the Internet, so you must use NAT to permit access. The alternative is to re-address your entire network, which clearly is not an exercise you will do often.

The following command will NAT all inside addresses:

nat (inside) 1 0.0.0.0 0.0.0.0

Before you can access the Internet, you must also tell the PIX where to route IP data (remember, the PIX is not as intelligent as a router, although RIP can be configured by the network administrator). You do this with the command shown here:

route outside 0.0.0.0 0.0.0.0 <default-gateway>

This command installs a default route where IP datagrams will be sent, typically, the perimeter ...
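The two steps above can be checked mechanically before a configuration is deployed. The following is an added example, not code from the book: a small Python audit that confirms a `nat` statement exists, that each non-zero NAT ID has a matching `global` statement (a standard PIX command not shown in this excerpt), and that a default route with a real gateway address is present. The function name and the sample addresses are assumptions.

```python
import ipaddress
import re

# Constructed sample: the page's two commands plus an assumed global pool,
# using documentation addresses (192.0.2.0/24), not values from the book.
SAMPLE_CONFIG = """\
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 192.0.2.10-192.0.2.20 netmask 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1
"""

NAT_RE = re.compile(r"^nat\s+\((\w+)\)\s+(\d+)\s+\S+")
GLOBAL_RE = re.compile(r"^global\s+\((\w+)\)\s+(\d+)\s+\S+")
ROUTE_RE = re.compile(r"^route\s+(\w+)\s+(\S+)\s+(\S+)\s+(\S+)")
ANY = {"0", "0.0.0.0"}  # PIX accepts 0 as shorthand for 0.0.0.0


def audit_pix_config(text):
    """Return findings for the NAT and default-route steps of a PIX config."""
    nat_ids, global_ids, default_gw = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := NAT_RE.match(line):
            nat_ids[int(m.group(2))] = m.group(1)
        elif m := GLOBAL_RE.match(line):
            global_ids.add(int(m.group(2)))
        elif (m := ROUTE_RE.match(line)) and m.group(2) in ANY and m.group(3) in ANY:
            default_gw = m.group(4)

    findings = []
    if not nat_ids:
        findings.append("no nat statement: inside hosts are not translated")
    for nat_id, ifname in sorted(nat_ids.items()):
        # nat 0 means "do not translate", so it needs no global pool.
        if nat_id != 0 and nat_id not in global_ids:
            findings.append(f"nat ({ifname}) {nat_id} has no global with NAT ID {nat_id}")
    if default_gw is None:
        findings.append("no default route (route <if> 0.0.0.0 0.0.0.0 <gateway>)")
    else:
        try:
            ipaddress.IPv4Address(default_gw)
        except ValueError:
            findings.append(f"default gateway {default_gw!r} is not an IPv4 address")
    return findings


if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

Run against only the two commands shown on this page, the audit reports the missing `global` for NAT ID 1 and the unfilled `<default-gateway>` placeholder.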
