?
Solved

Configure Pix Firewall that has a 248 subnet for the outside interface.

Posted on 2006-11-26
3
Medium Priority
?
407 Views
Last Modified: 2013-11-16
I currently have a 252 on the outside interface, and then at 248 subnet on the inside of the router.  That is then passed to PIX firewall to nat and pat.  

What I want to is the following. I want to take the router out of the equation.  I want to have a 248 subnet on the outside of PIX without using the Router

Wireless internet with 248 subnet passed off to me via a 248
0
Comment
Question by:digger9119
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 20

Accepted Solution

by:
calvinetter earned 1000 total points
ID: 18017391
I'll assume the wireless device is handing off Ethernet to you, since PIX only has Ethernet interfaces.
   If the router's WAN (outside interface) IP has a .252 mask & inside is .248, then to replace that with the PIX, you'll need to set the outside IP of the PIX to the .252 address, then use the .248 subnet for your NAT/PAT, since your ISP is obviously routing the .248 subnet to the single .252 IP.

Before changing IPs on the PIX, you'll need to review your current static NAT entries.  Remove any if necessary, change IPs on the PIX, then re-create any necessary static NAT entries.  Make absolutely sure you:
- Run 'clear xlate' after changing your NAT/PAT settings on the PIX
- Power-cycle your wireless device so you don't run into any ARP-cache problems on the ISP side
- And of course, replace your default gateway setting on the PIX to the .252 entry that your router currently points to.

cheers
0
 
LVL 8

Expert Comment

by:charan_jeetsingh
ID: 18019282
hi digger, it seems that you are taking last mile on wireless......in that case ir realy depends on the type of equipment your service provider will be using.. you can check with them. If its a wireless router.. that wont be much of a problem for you to retain your setup.... BUT in case its a normal bridged device then you need to lookout for an alternative...something like what calvin has told...

Cj
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 18020557
Why do you want to get rid of the router?  It's common practise to keep it.
If it's yours, it could be more cost effective to use a firewall feature set on the router, and ditch the PIX?
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month10 days, 10 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question