• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 552
  • Last Modified:

Adding Additional Ethernet Ports On A Cisco Pix 501

Hello,

This may seem like a basic question.  I have used up the 4 ethernet ports on my existing Pix 501 and need to add up to 4 more machines.  

What is the best approach in adding the additional ports?  Can I connect a switch?  Can I link another Pix to the existing one?  

Each machine uses NAT rules to make them accessible as web servers....if that will make a difference in the suggestion.  Thanks in advance for your help.
0
craigbtg
Asked:
craigbtg
1 Solution
 
JJLostCommented:
The answer depends on your needs for future scalability but from what I read it sounds like you could satisfy your needs if you just daisy chain a switch
0
 
PugglewuggleCommented:
The best thing to do is get a switch. An inexpensive unmanaged one will be fine since the PIX's inside interface is an unmanaged switch as well.
Just plug one port of the PIX's inside interface into one port of the switch and you'll be good to go.
The size of the switch depends on your requirments. I highly recommend Linksys's Business Series unmanaged switches. They have a lifetime warranty and you can get them in several configurations to match your requirements!
If you get the get the SD2008, that has 8 ports on it - you'll use one for your connection to the PIX and then you'll have 7 ports left over for PCs and other devices. One very cool thing - this is a gigabit switch so if any of your PCs have gigabit NICs they'll be able to communicate at gigabit speeds when connected through the switch even though the PIX is only 10/100.
Here's a link to Linksys's unmanaged Business Series switches.
http://www.linksys.com/servlet/Satellite?c=L_Product_C1&childpagename=US%2FLayout&cid=1134691194560&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=9456061982B03 
Cheers! Let me know if you have any questions!
0
 
PugglewuggleCommented:
BTW - the PIX handles all NAT and access filtering - the switch just extends your network.
Cheers!
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
devangshroffCommented:
HI,

  Do nating on ASA and connect a 8 pr 24 port switch in e0/1 that is inside interface ,
this wway u can expand your network.

there aare basic six command u need to do on ASA to start your internet
Punlic ip address on outside intefae e0/0
nameif outside
Private ip address in inside intefase e0/1
nameif inside
nat (inside) 1 0 0
global (outside) 1 inteface
route outside 0 0 remote ip address
and one access list to allow trafic.

done
0
 
PugglewuggleCommented:
It doesn't matter which port he connects the switch to on a PIX 501 as long as it's on the inside interface and that interface isn't shutdown. All of the ports operate logically as one in the device. That's why a PIX 501 config only has 2 interfaces - inside and outside.
The asker said "Each machine uses NAT rules to make them accessible as web servers" which tells me that he already has NAT setup, so there is no need to re-run the NAT commands.
BTW to craigbtg: Regarding the effect that expanding the network with a switch will have when NAT is used, it will have none as long as you use an unmanaged switch (or a managed one with all the ports on the default VLAN). Like I said though, I recommend the Linksys SD2008 because you said you need 4 more PCs on the inside... that will give you 3 leftover ports after those 4 PCs and the uplink to the PIX. Also, the PCs attached to the switch can communicate between eachother at gigabit speeds.
Cheers!
0
 
PugglewuggleCommented:
BTW - the SD2008 is only about $60 USD! A great deal too!
0
 
craigbtgAuthor Commented:
Great, thank you very much for your help.  I was hoping there was an inexpensive option.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now