
CCIE Security Practice Labs

Section 4.0: PIX Configuration

4.1: Basic PIX Configuration

  1. As stated earlier, do not configure a default route on the PIX. It should learn the default route from R3 via RIP. Make sure you are able to ping all parts of the network, including the hosts behind the PIX.

4.2: Network Address Translation (NAT)

  1. Configure a static NAT on PIX for the syslog server behind PIX.

  2. Configure the outside access list to open TCP port 1468 for the TCP-based reliable syslog server:

      static (inside,outside) netmask 0 0
      access-list outside permit tcp any host eq 1468 (hitcnt=0)

4.3: Advanced Configuration

  1. The problem is that the PIX is replying to ARP requests for the server mentioned. This could be due to a global or alias configured for the same IP address. The fix is to turn off proxy ARP for this interface. The command sysopt noproxyarp inside stops the PIX from answering ARP requests that arrive on the inside interface.
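
An added example, not part of the original lab solution: a Python check that scans a PIX configuration for global or alias entries covering a server's address and reports whether sysopt noproxyarp is already set on that interface. It also checks static entries, which goes beyond the two causes the text names. The sample configuration, its documentation-range addresses, and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config; addresses are documentation-range placeholders,
# not the lab's real addressing (which this page does not show).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
global (inside) 1 192.0.2.10-192.0.2.20 netmask 255.255.255.0
alias (inside) 192.0.2.50 198.51.100.50 255.255.255.255
static (inside,outside) 203.0.113.5 192.0.2.5 netmask 255.255.255.255 0 0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# Group 1 is the interface the PIX answers ARP on; group 2 (and the optional
# group 3 for a range) is the address it answers for.
PATTERNS = [
    re.compile(rf"^global \((\w+)\) \d+ {IP}(?:-{IP})?"),
    re.compile(rf"^alias \((\w+)\) {IP} "),
    re.compile(rf"^static \(\w+,(\w+)\) {IP} "),
]

def proxy_arp_sources(config, server_ip):
    """Return (interface, line) pairs whose translated address covers server_ip."""
    target = ipaddress.ip_address(server_ip)
    hits = []
    for line in config.splitlines():
        line = line.strip()
        for pat in PATTERNS:
            m = pat.match(line)
            if not m:
                continue
            grp = m.groups()
            low = ipaddress.ip_address(grp[1])
            # A single address is treated as a one-element range.
            high = ipaddress.ip_address(grp[2]) if len(grp) > 2 and grp[2] else low
            if low <= target <= high:
                hits.append((grp[0], line))
    return hits

def audit(config, server_ip):
    """List conflicting entries and whether proxy ARP is disabled on that interface."""
    disabled = set(re.findall(r"^sysopt noproxyarp (\w+)", config, re.M))
    return [(ifc, line, ifc in disabled)
            for ifc, line in proxy_arp_sources(config, server_ip)]
```

An entry reported with False in the third field is one where the PIX will still answer ARP for the server's address on that interface.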
