Solved

Adding Additional Ethernet Ports On A Cisco Pix 501

Posted on 2008-10-03
7
528 Views
Last Modified: 2010-04-21
Hello,

This may seem like a basic question.  I have used up the 4 ethernet ports on my existing Pix 501 and need to add up to 4 more machines.  

What is the best approach in adding the additional ports?  Can I connect a switch?  Can I link another Pix to the existing one?  

Each machine uses NAT rules to make them accessible as web servers....if that will make a difference in the suggestion.  Thanks in advance for your help.
0
Comment
Question by:craigbtg
7 Comments
 
LVL 3

Expert Comment

by:JJLost
ID: 22638016
The answer depends on your needs for future scalability but from what I read it sounds like you could satisfy your needs if you just daisy chain a switch
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22638133
The best thing to do is get a switch. An inexpensive unmanaged one will be fine since the PIX's inside interface is an unmanaged switch as well.
Just plug one port of the PIX's inside interface into one port of the switch and you'll be good to go.
The size of the switch depends on your requirments. I highly recommend Linksys's Business Series unmanaged switches. They have a lifetime warranty and you can get them in several configurations to match your requirements!
If you get the get the SD2008, that has 8 ports on it - you'll use one for your connection to the PIX and then you'll have 7 ports left over for PCs and other devices. One very cool thing - this is a gigabit switch so if any of your PCs have gigabit NICs they'll be able to communicate at gigabit speeds when connected through the switch even though the PIX is only 10/100.
Here's a link to Linksys's unmanaged Business Series switches.
http://www.linksys.com/servlet/Satellite?c=L_Product_C1&childpagename=US%2FLayout&cid=1134691194560&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=9456061982B03
Cheers! Let me know if you have any questions!
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22638140
BTW - the PIX handles all NAT and access filtering - the switch just extends your network.
Cheers!
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 5

Expert Comment

by:devangshroff
ID: 22639742
HI,

  Do nating on ASA and connect a 8 pr 24 port switch in e0/1 that is inside interface ,
this wway u can expand your network.

there aare basic six command u need to do on ASA to start your internet
Punlic ip address on outside intefae e0/0
nameif outside
Private ip address in inside intefase e0/1
nameif inside
nat (inside) 1 0 0
global (outside) 1 inteface
route outside 0 0 remote ip address
and one access list to allow trafic.

done
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22639896
It doesn't matter which port he connects the switch to on a PIX 501 as long as it's on the inside interface and that interface isn't shutdown. All of the ports operate logically as one in the device. That's why a PIX 501 config only has 2 interfaces - inside and outside.
The asker said "Each machine uses NAT rules to make them accessible as web servers" which tells me that he already has NAT setup, so there is no need to re-run the NAT commands.
BTW to craigbtg: Regarding the effect that expanding the network with a switch will have when NAT is used, it will have none as long as you use an unmanaged switch (or a managed one with all the ports on the default VLAN). Like I said though, I recommend the Linksys SD2008 because you said you need 4 more PCs on the inside... that will give you 3 leftover ports after those 4 PCs and the uplink to the PIX. Also, the PCs attached to the switch can communicate between eachother at gigabit speeds.
Cheers!
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22639898
BTW - the SD2008 is only about $60 USD! A great deal too!
0
 

Author Closing Comment

by:craigbtg
ID: 31502920
Great, thank you very much for your help.  I was hoping there was an inexpensive option.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now