[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 420
  • Last Modified:

Configure Pix Firewall that has a 248 subnet for the outside interface.

I currently have a 252 on the outside interface, and then at 248 subnet on the inside of the router.  That is then passed to PIX firewall to nat and pat.  

What I want to is the following. I want to take the router out of the equation.  I want to have a 248 subnet on the outside of PIX without using the Router

Wireless internet with 248 subnet passed off to me via a 248
0
digger9119
Asked:
digger9119
1 Solution
 
calvinetterCommented:
I'll assume the wireless device is handing off Ethernet to you, since PIX only has Ethernet interfaces.
   If the router's WAN (outside interface) IP has a .252 mask & inside is .248, then to replace that with the PIX, you'll need to set the outside IP of the PIX to the .252 address, then use the .248 subnet for your NAT/PAT, since your ISP is obviously routing the .248 subnet to the single .252 IP.

Before changing IPs on the PIX, you'll need to review your current static NAT entries.  Remove any if necessary, change IPs on the PIX, then re-create any necessary static NAT entries.  Make absolutely sure you:
- Run 'clear xlate' after changing your NAT/PAT settings on the PIX
- Power-cycle your wireless device so you don't run into any ARP-cache problems on the ISP side
- And of course, replace your default gateway setting on the PIX to the .252 entry that your router currently points to.

cheers
0
 
charan_jeetsinghCommented:
hi digger, it seems that you are taking last mile on wireless......in that case ir realy depends on the type of equipment your service provider will be using.. you can check with them. If its a wireless router.. that wont be much of a problem for you to retain your setup.... BUT in case its a normal bridged device then you need to lookout for an alternative...something like what calvin has told...

Cj
0
 
Tim HolmanCommented:
Why do you want to get rid of the router?  It's common practise to keep it.
If it's yours, it could be more cost effective to use a firewall feature set on the router, and ditch the PIX?
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now