Solved

Configure Pix Firewall that has a 248 subnet for the outside interface.

Posted on 2006-11-26
3
347 Views
Last Modified: 2013-11-16
I currently have a 252 on the outside interface, and then at 248 subnet on the inside of the router.  That is then passed to PIX firewall to nat and pat.  

What I want to is the following. I want to take the router out of the equation.  I want to have a 248 subnet on the outside of PIX without using the Router

Wireless internet with 248 subnet passed off to me via a 248
0
Comment
Question by:digger9119
3 Comments
 
LVL 20

Accepted Solution

by:
calvinetter earned 250 total points
ID: 18017391
I'll assume the wireless device is handing off Ethernet to you, since PIX only has Ethernet interfaces.
   If the router's WAN (outside interface) IP has a .252 mask & inside is .248, then to replace that with the PIX, you'll need to set the outside IP of the PIX to the .252 address, then use the .248 subnet for your NAT/PAT, since your ISP is obviously routing the .248 subnet to the single .252 IP.

Before changing IPs on the PIX, you'll need to review your current static NAT entries.  Remove any if necessary, change IPs on the PIX, then re-create any necessary static NAT entries.  Make absolutely sure you:
- Run 'clear xlate' after changing your NAT/PAT settings on the PIX
- Power-cycle your wireless device so you don't run into any ARP-cache problems on the ISP side
- And of course, replace your default gateway setting on the PIX to the .252 entry that your router currently points to.

cheers
0
 
LVL 8

Expert Comment

by:charan_jeetsingh
ID: 18019282
hi digger, it seems that you are taking last mile on wireless......in that case ir realy depends on the type of equipment your service provider will be using.. you can check with them. If its a wireless router.. that wont be much of a problem for you to retain your setup.... BUT in case its a normal bridged device then you need to lookout for an alternative...something like what calvin has told...

Cj
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 18020557
Why do you want to get rid of the router?  It's common practise to keep it.
If it's yours, it could be more cost effective to use a firewall feature set on the router, and ditch the PIX?
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now