Connecting to the PIX

    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password testing
    password testing
    hostname lab-test-1
    no failover
    names
    pager lines 24
    syslog output 20.3
    no syslog console
    syslog host 192.168.2.2
    interface ethernet0 auto
    interface ethernet1 auto
    ip address outside 1.251.174.156 255.255.255.248
    ip address inside 192.168.2.1 255.255.255.0
    arp timeout 14400
    global outside 1 2.241.11.249-2.241.11.251
    global outside 2 2.241.11.252-2.241.11.254
    nat inside 2 192.168.2.128 255.255.255.128
    age 10
    route outside 0.0.0.0 0.0.0.0 1.251.174.154 1
    no rip outside passive
    no rip outside default
    no rip inside passive
    no rip inside default
    timeout xlate 24:00:00 conn 12:00:00 udp 00:02:00
    timeout rpc 00:10:00 h323 00:05:00 uauth 00:05:00
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    telnet 192.168.2.2 255.255.255.255
    mtu outside 1500
    mtu inside 1500

The two nameif commands assign short names to the two interfaces: outside and inside. Then, the two interface commands define the speed at which the interfaces operate. We used the auto keyword to have the hardware automatically sync to the Ethernet it is attached to.

The ip address commands use the assigned names to establish the network configuration for the internal and external networks. The internal network we chose was part of the unroutable RFC 1918 network 192.168.0.0, which is traditionally used for hosts requiring Network Address Translation (NAT) on an interior network protected by a firewall such as the PIX.

As Figure 9-1 depicts, we don't have an internal router. The network that we used for testing was very small and an internal router was not necessary. You can see this in the configuration by studying the route command entry, which points the default route (0.0.0.0) to the gateway to which the PIX would send external traffic (1.251.174.154). Logically enough, you are always required to specify an outside router.
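The relationships described above (names declared by nameif, reused by ip address, nat, route and mtu, and a default gateway that must sit on the outside network) can be checked mechanically before a configuration is loaded. The following Python script is an added example, not part of the original text or of any Cisco tool; audit_pix_config and SAMPLE_CONFIG are names chosen here, and SAMPLE_CONFIG is a constructed, abridged copy of the listing above.

```python
import ipaddress

# Constructed sample: abridged copy of the configuration discussed on this page.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 1.251.174.156 255.255.255.248
ip address inside 192.168.2.1 255.255.255.0
nat inside 2 192.168.2.128 255.255.255.128
route outside 0.0.0.0 0.0.0.0 1.251.174.154 1
mtu outside 1500
mtu inside 1500
"""

def audit_pix_config(text):
    """Return consistency findings for a config in the syntax shown on this page."""
    names, nets, findings = set(), {}, []
    lines = [l.split() for l in text.splitlines() if l.strip()]
    for w in lines:                      # pass 1: names declared by nameif
        if w[0] == "nameif" and len(w) >= 3:
            names.add(w[2])
    for w in lines:                      # pass 2: name usage and netmask validity
        ifname = None
        if w[:2] == ["ip", "address"] and len(w) == 5:
            ifname = w[2]
            try:
                nets[ifname] = ipaddress.ip_interface(f"{w[3]}/{w[4]}").network
            except ValueError:           # e.g. a non-contiguous or mistyped mask
                findings.append(f"invalid address/netmask on '{ifname}': {w[3]} {w[4]}")
        elif w[0] in ("mtu", "nat", "global", "route") and len(w) > 1:
            ifname = w[1]
        if ifname is not None and ifname not in names:
            findings.append(f"'{' '.join(w)}' uses undeclared interface name '{ifname}'")
    for w in lines:                      # pass 3: gateway and NAT source placement
        if w[0] == "route" and len(w) >= 5 and w[1] in nets:
            if ipaddress.ip_address(w[4]) not in nets[w[1]]:
                findings.append(f"gateway {w[4]} is not on the '{w[1]}' network {nets[w[1]]}")
        if w[0] == "nat" and len(w) >= 5 and w[1] in nets:
            src = ipaddress.ip_network(f"{w[3]}/{w[4]}", strict=False)
            if not src.subnet_of(nets[w[1]]):
                findings.append(f"nat source {src} is outside the '{w[1]}' network {nets[w[1]]}")
    return findings

if __name__ == "__main__":
    print(audit_pix_config(SAMPLE_CONFIG) or "no findings")
```

An empty result means every interface name is declared, every netmask parses, the default gateway is reachable on its interface's subnet, and the NAT source range lies inside the inside network.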

The rip command sets whether the PIX broadcasts default routing information using RIP to either the inside or outside interface. Our sample configuration disables all RIP route propagation since we had such a small example. Should you have an internal router that extends the network to other locations, you would need to set the default internal route mentioned above to the router responsible for accessing the rest of