Solved

Configure pix 506e firewall with 1721 router on flat network

Posted on 2006-10-24
3
348 Views
Last Modified: 2013-11-16
I have never configured a firewall before, and I have several questions.
Q#1: Do I even need the 1721 router if I use the pix 506e on a flat network? I have been reading solutions that might suggest that I do not.  
1721 --->HP4000m switch--->8 other HP 2500 switches...and 2 dns servers..thats the network.

Q#2: If keeping the router, do I need to configure anything in the router to communicate with the pix?

Q#3: How do I configure for VLANS and VPN in the pix?  I am using NAT in the router as I am only using private ips '192.168.1.0'.  I have 4 usable ips from the ISP.  71.153.188.154-157.
0
Comment
Question by:comspec2
  • 2
3 Comments
 
LVL 11

Accepted Solution

by:
prueconsulting earned 500 total points
ID: 17796233
506E can support 1 VLAN and 1 physical address on the inside interface and 1 on the external

What are you presently connecting the 1721 to ?
If you are connecting to a DSL modem or cable/ethernet then the PIX itself will suffice.

If you are connecting to a Serial connection ( ie Frame / t1 etc ) then you will need the router

2 - The Pix will point to the router as its default gateway.  Remove NAT on the router so its just a straight passthrough.

3- For the PIX you will configure your inside interface with a private ip address and your outside with one of the ISP addresses

nat (inside) 1 0.0.0.0 0.0.0.0 0 0 will take care of natting the outbound traffic

to create a vlan ( keeping in mind it only supports a single vlan )

conf t
int vlan x

Best bet would be if you need to vlan would be put the pix interface on a vlan off the 4000m and allow that to do the routing to the PIX from the other vlans vs trying to have multiple vlans ending on the PIX.
0
 

Author Comment

by:comspec2
ID: 17796395
The router is connected via ethernet straight to the DSL wall mount in the phone closet.
Are you saying just simply move the NAT config from the router to the PIX?  
0
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17797077
Yes you can connect the PIX directly to the DSL wall mount and then put the DSL configuration onto the PIX ( username etc)


Well in this case you wouldnt require the router at all .

But yes let the PIX perform the Nat vs the router performing NAT otherwise you would end up with some issues trying to make VPN connectivity work
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question