
Configure pix 506e firewall with 1721 router on flat network

comspec2 asked
Last Modified: 2013-11-16
I have never configured a firewall before, and I have several questions.
Q#1: Do I even need the 1721 router if I use the pix 506e on a flat network? I have been reading solutions that might suggest that I do not.  
1721 ---> HP4000m switch ---> 8 other HP 2500 switches... and 2 DNS servers. That's the network.

Q#2: If keeping the router, do I need to configure anything in the router to communicate with the pix?

Q#3: How do I configure for VLANs and VPN in the PIX?  I am using NAT in the router as I am only using private IPs '192.168.1.0'.  I have 4 usable IPs from the ISP: 71.153.188.154-157.

Top Expert 2006
Commented:
The 506E can support 1 VLAN and 1 physical address on the inside interface and 1 on the external.

What are you presently connecting the 1721 to?
If you are connecting to a DSL modem or cable/Ethernet, then the PIX itself will suffice.

If you are connecting to a serial connection (i.e. Frame / T1, etc.), then you will need the router.

2 - The PIX will point to the router as its default gateway.  Remove NAT on the router so it's just a straight passthrough.

3 - For the PIX you will configure your inside interface with a private IP address and your outside with one of the ISP addresses.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0 will take care of natting the outbound traffic

To create a VLAN (keeping in mind it only supports a single VLAN):

conf t
int vlan x

If you need VLANs, your best bet would be to put the PIX interface on a VLAN off the 4000m and allow that to do the routing to the PIX from the other VLANs, vs. trying to have multiple VLANs ending on the PIX.

Author

Commented:
The router is connected via Ethernet straight to the DSL wall mount in the phone closet.
Are you saying just simply move the NAT config from the router to the PIX?
Top Expert 2006

Commented:
Yes, you can connect the PIX directly to the DSL wall mount and then put the DSL configuration onto the PIX (username, etc.).

Well, in this case you wouldn't require the router at all.

But yes, let the PIX perform the NAT vs. the router performing NAT; otherwise you would end up with some issues trying to make VPN connectivity work.
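
Added example, not part of the thread: a PIX OS 6.x configuration for the layout the answers describe, with the PIX attached directly to the DSL hand-off and doing the NAT itself. The inside address 192.168.1.1 and the choice of 71.153.188.154 for the outside interface are assumptions, and `<ISP-NETMASK>` and `<ISP-GATEWAY>` are placeholders for values the thread does not give.

```cisco
: Added example for PIX OS 6.x; lines starting with a colon are comments.
: Values in <angle brackets> are placeholders to be supplied by the ISP.
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100

: Outside takes one of the ISP addresses; inside takes a private address
: (192.168.1.1 is an assumed choice within the asker's 192.168.1.0 network).
ip address outside 71.153.188.154 <ISP-NETMASK>
ip address inside 192.168.1.1 255.255.255.0

: Outbound NAT on the PIX: the nat line from the answer, paired with a
: global statement so inside hosts are translated to the outside
: interface address (PAT). NAT ID 1 ties the two lines together.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

: Default route toward the ISP next hop.
route outside 0.0.0.0 0.0.0.0 <ISP-GATEWAY> 1

: Nothing above permits connections initiated from outside to inside;
: that takes an explicit static plus an access-list bound to outside.
```

Once loaded, `show xlate` lists the active translations and `show route` confirms the default route.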