Cisco PIX 501 setup question

Hello all, I recently purchased a Cisco PIX 501 and have some general questions. Here is the current configuration.

* Our company has 5 static ip addresses. the first 207.*.15.89 is the public ip address.
* I have a Cisco 675 router connected to the internet. I have turned off DHCP and NAT on the router and assigned the eth1 interface one an ip address of 207.*.15.90 (another of our static ips)
* I have set the outside interface of the PIX to 207.*.15.91, and defined the gateway as the 207.*.15.90 ( eth1 on 675 )
* I have turned on DHCP on the PIX with a - range to hand out
* I have a total of 6 computers I would like to have access the internet and 1 computer that needs to be reachable from the internet.

Here are my questions:
* Is this the correct (given the situation) way to set up the 675 router?
* I would like to allow traffic from the internet to our mail and web server at, how is this performed?
* I dont understand global pools, Is it yet another layer of address translation, and where do you get the ip addresses for it?another private set of IPs?

I have a book on PIX, but am having a hard time nailing some of the concepts.

Thanks in advance - Eric
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

1.  Yes.  Your router seems to be configured correctly for your setup

2.  To allow traffic to get to your web and mail you need two parts.  One is an access list the other is a static NAT translation of the IP address.

     a.  First setup static nats by doing this command  static (inside,outside) 207.*.15.92
          This is assuming .92 is the next free IP address in your scope

     b.  Make an access list using the command access-list 101 permit tcp any host 207.*.15.92 eq www
          For mail just replace www with smtp or pop3

     c.  Lastly type the command access-group 101 in interface outside    this binds that access list to the outside interface to allow traffic in

You can also use port numbers on the access list if you like i.e. www=80  smtp=25   etc.

The global pool is used in PAT or port address translation which translates all traffic going out to the IP of the outside interface on the PIX.  Once you have an IP on the outside interface you're all set.  No need to use up another IP address.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.