Solved

Configure pix 506e firewall with 1721 router on flat network

Posted on 2006-10-24
Last Modified: 2013-11-16
I have never configured a firewall before, and I have several questions.
Q#1: Do I even need the 1721 router if I use the PIX 506E on a flat network? I have been reading solutions that might suggest that I do not.
1721 ---> HP4000m switch ---> 8 other HP 2500 switches... and 2 DNS servers. That's the network.

Q#2: If keeping the router, do I need to configure anything in the router to communicate with the PIX?

Q#3: How do I configure for VLANs and VPN in the PIX? I am using NAT in the router as I am only using private IPs '192.168.1.0'. I have 4 usable IPs from the ISP: 71.153.188.154-157.
Question by:comspec2
Accepted Solution

by: prueconsulting (earned 500 total points)
ID: 17796233
The 506E can support 1 VLAN and 1 physical address on the inside interface and 1 on the external.

What are you presently connecting the 1721 to?
If you are connecting to a DSL modem or cable/Ethernet, then the PIX itself will suffice.

If you are connecting to a serial connection (i.e. Frame / T1 etc.), then you will need the router.

2 - The PIX will point to the router as its default gateway. Remove NAT on the router so it's just a straight passthrough.

3 - For the PIX you will configure your inside interface with a private IP address and your outside with one of the ISP addresses.

nat (inside) 1 0.0.0.0 0.0.0.0 0 0 will take care of NATting the outbound traffic.

To create a VLAN (keeping in mind it only supports a single VLAN):

conf t
int vlan x

If you need VLANs, the best bet would be to put the PIX interface on a VLAN off the 4000m and allow that to do the routing to the PIX from the other VLANs, vs. trying to have multiple VLANs ending on the PIX.
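
The NAT setup described in this answer, written out as a PIX OS 6.x configuration fragment. This is an added example, not part of the original answer: the inside address 192.168.1.1 and the `<OUTSIDE_MASK>` and `<ISP_GATEWAY>` placeholders are assumptions (the thread gives neither value), and the `global` line is not in the thread but is what a `nat` ID is paired with on PIX 6.x.

```cisco
: Constructed example, PIX OS 6.x syntax. Lines starting with ":" are comments.
: <OUTSIDE_MASK> and <ISP_GATEWAY> are placeholders; 192.168.1.1 is assumed.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto
: Outside takes one of the four ISP addresses, inside stays on the private LAN.
ip address outside 71.153.188.154 <OUTSIDE_MASK>
ip address inside 192.168.1.1 255.255.255.0
: Dynamic NAT is a pair with matching IDs:
:   nat (inside) 1    selects which inside sources get translated (here: all)
:   global (outside) 1 defines what they are translated to (here: PAT to the
:                      outside interface address)
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
: Default route toward the ISP, or toward the 1721 if it stays in the path
: as a plain passthrough hop with its own NAT removed.
route outside 0.0.0.0 0.0.0.0 <ISP_GATEWAY> 1
: Nothing above opens inbound access: traffic from outside (security0) to
: inside (security100) stays denied until a static and an access-list exist.
: Checks after applying:
:   show nat
:   show global
:   show xlate
:   show route
```

With NAT left enabled on the router as well, `show xlate` on the PIX would still look healthy while traffic is translated a second time upstream, so confirm the router side is a straight passthrough too.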
Author Comment

by:comspec2
ID: 17796395
The router is connected via Ethernet straight to the DSL wall mount in the phone closet.
Are you saying just simply move the NAT config from the router to the PIX?
Expert Comment

by:prueconsulting
ID: 17797077
Yes, you can connect the PIX directly to the DSL wall mount and then put the DSL configuration onto the PIX (username etc.).

Well, in this case you wouldn't require the router at all.

But yes, let the PIX perform the NAT vs. the router performing NAT; otherwise you would end up with some issues trying to make VPN connectivity work.