?
Solved

Configure Pix Firewall that has a 248 subnet for the outside interface.

Posted on 2006-11-26
3
Medium Priority
?
415 Views
Last Modified: 2013-11-16
I currently have a 252 on the outside interface, and then at 248 subnet on the inside of the router.  That is then passed to PIX firewall to nat and pat.  

What I want to is the following. I want to take the router out of the equation.  I want to have a 248 subnet on the outside of PIX without using the Router

Wireless internet with 248 subnet passed off to me via a 248
0
Comment
Question by:digger9119
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 20

Accepted Solution

by:
calvinetter earned 1000 total points
ID: 18017391
I'll assume the wireless device is handing off Ethernet to you, since PIX only has Ethernet interfaces.
   If the router's WAN (outside interface) IP has a .252 mask & inside is .248, then to replace that with the PIX, you'll need to set the outside IP of the PIX to the .252 address, then use the .248 subnet for your NAT/PAT, since your ISP is obviously routing the .248 subnet to the single .252 IP.

Before changing IPs on the PIX, you'll need to review your current static NAT entries.  Remove any if necessary, change IPs on the PIX, then re-create any necessary static NAT entries.  Make absolutely sure you:
- Run 'clear xlate' after changing your NAT/PAT settings on the PIX
- Power-cycle your wireless device so you don't run into any ARP-cache problems on the ISP side
- And of course, replace your default gateway setting on the PIX to the .252 entry that your router currently points to.

cheers
0
 
LVL 8

Expert Comment

by:charan_jeetsingh
ID: 18019282
hi digger, it seems that you are taking last mile on wireless......in that case ir realy depends on the type of equipment your service provider will be using.. you can check with them. If its a wireless router.. that wont be much of a problem for you to retain your setup.... BUT in case its a normal bridged device then you need to lookout for an alternative...something like what calvin has told...

Cj
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 18020557
Why do you want to get rid of the router?  It's common practise to keep it.
If it's yours, it could be more cost effective to use a firewall feature set on the router, and ditch the PIX?
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question