Configure PIX 506E firewall with 1721 router on flat network

I have never configured a firewall before, and I have several questions.
Q#1: Do I even need the 1721 router if I use the PIX 506E on a flat network? I have been reading solutions that might suggest that I do not.
1721 ---> HP4000m switch ---> 8 other HP 2500 switches... and 2 DNS servers. That's the network.

Q#2: If keeping the router, do I need to configure anything in the router to communicate with the PIX?

Q#3: How do I configure for VLANs and VPN in the PIX? I am using NAT in the router as I am only using private IPs '192.168.1.0'. I have 4 usable IPs from the ISP: 71.153.188.154-157.
comspec2 Asked:
 
prueconsulting Commented:
The 506E can support 1 VLAN and 1 physical address on the inside interface and 1 on the external.

What are you presently connecting the 1721 to?
If you are connecting to a DSL modem or cable/Ethernet, then the PIX itself will suffice.

If you are connecting to a serial connection (i.e. Frame / T1 etc.), then you will need the router.

2 - The PIX will point to the router as its default gateway. Remove NAT on the router so it's just a straight passthrough.

3 - For the PIX you will configure your inside interface with a private IP address and your outside with one of the ISP addresses.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0 will take care of NATting the outbound traffic.

To create a VLAN (keeping in mind it only supports a single VLAN):

conf t
int vlan x

If you need VLANs, the best bet would be to put the PIX interface on a VLAN off the 4000m and allow that to do the routing to the PIX from the other VLANs, vs. trying to have multiple VLANs ending on the PIX.
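The outbound NAT setup discussed in the answer above, written out as an added example that is not part of the original thread (PIX OS 6.x syntax). It assumes a static outside address; the inside address 192.168.1.1 is an assumed value, and the items in angle brackets are placeholders the thread does not give. Note that the `nat` statement only selects which inside hosts are translated; it needs a `global` statement with the same NAT ID (1) before any traffic is actually translated.

```cisco
: Added example, not from the original thread. PIX OS 6.x syntax.
: <ISP-NETMASK> and <ISP-GATEWAY> are placeholders; 192.168.1.1 is assumed.

: Name the interfaces and set their security levels
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto

: Outside gets one of the ISP addresses, inside a private address
ip address outside 71.153.188.154 <ISP-NETMASK>
ip address inside 192.168.1.1 255.255.255.0

: NAT ID 1: translate every inside host ...
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
: ... to the outside interface address (PAT); the ID must match the nat line
global (outside) 1 interface

: Default route toward the ISP (or the 1721, if the router is kept)
route outside 0.0.0.0 0.0.0.0 <ISP-GATEWAY> 1

: No static or access-list is defined for the outside interface, so
: connections initiated from outside to inside stay denied.
```

After loading it, `show nat`, `show global` and `show xlate` confirm that the two statements are paired and that translations are being built.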
 
comspec2 (Author) Commented:
The router is connected via Ethernet straight to the DSL wall mount in the phone closet.
Are you saying just simply move the NAT config from the router to the PIX?
 
prueconsulting Commented:
Yes, you can connect the PIX directly to the DSL wall mount and then put the DSL configuration onto the PIX (username etc.).

Well, in this case you wouldn't require the router at all.

But yes, let the PIX perform the NAT vs. the router performing NAT; otherwise you would end up with some issues trying to make VPN connectivity work.