Solved

Adding Additional Ethernet Ports On A Cisco Pix 501

Posted on 2008-10-03
7
541 Views
Last Modified: 2010-04-21
Hello,

This may seem like a basic question.  I have used up the 4 ethernet ports on my existing Pix 501 and need to add up to 4 more machines.  

What is the best approach in adding the additional ports?  Can I connect a switch?  Can I link another Pix to the existing one?  

Each machine uses NAT rules to make them accessible as web servers....if that will make a difference in the suggestion.  Thanks in advance for your help.
0
Comment
Question by:craigbtg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 3

Expert Comment

by:JJLost
ID: 22638016
The answer depends on your needs for future scalability but from what I read it sounds like you could satisfy your needs if you just daisy chain a switch
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22638133
The best thing to do is get a switch. An inexpensive unmanaged one will be fine since the PIX's inside interface is an unmanaged switch as well.
Just plug one port of the PIX's inside interface into one port of the switch and you'll be good to go.
The size of the switch depends on your requirments. I highly recommend Linksys's Business Series unmanaged switches. They have a lifetime warranty and you can get them in several configurations to match your requirements!
If you get the get the SD2008, that has 8 ports on it - you'll use one for your connection to the PIX and then you'll have 7 ports left over for PCs and other devices. One very cool thing - this is a gigabit switch so if any of your PCs have gigabit NICs they'll be able to communicate at gigabit speeds when connected through the switch even though the PIX is only 10/100.
Here's a link to Linksys's unmanaged Business Series switches.
http://www.linksys.com/servlet/Satellite?c=L_Product_C1&childpagename=US%2FLayout&cid=1134691194560&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=9456061982B03 
Cheers! Let me know if you have any questions!
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22638140
BTW - the PIX handles all NAT and access filtering - the switch just extends your network.
Cheers!
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:devangshroff
ID: 22639742
HI,

  Do nating on ASA and connect a 8 pr 24 port switch in e0/1 that is inside interface ,
this wway u can expand your network.

there aare basic six command u need to do on ASA to start your internet
Punlic ip address on outside intefae e0/0
nameif outside
Private ip address in inside intefase e0/1
nameif inside
nat (inside) 1 0 0
global (outside) 1 inteface
route outside 0 0 remote ip address
and one access list to allow trafic.

done
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22639896
It doesn't matter which port he connects the switch to on a PIX 501 as long as it's on the inside interface and that interface isn't shutdown. All of the ports operate logically as one in the device. That's why a PIX 501 config only has 2 interfaces - inside and outside.
The asker said "Each machine uses NAT rules to make them accessible as web servers" which tells me that he already has NAT setup, so there is no need to re-run the NAT commands.
BTW to craigbtg: Regarding the effect that expanding the network with a switch will have when NAT is used, it will have none as long as you use an unmanaged switch (or a managed one with all the ports on the default VLAN). Like I said though, I recommend the Linksys SD2008 because you said you need 4 more PCs on the inside... that will give you 3 leftover ports after those 4 PCs and the uplink to the PIX. Also, the PCs attached to the switch can communicate between eachother at gigabit speeds.
Cheers!
0
 
LVL 12

Accepted Solution

by:
Pugglewuggle earned 500 total points
ID: 22639898
BTW - the SD2008 is only about $60 USD! A great deal too!
0
 

Author Closing Comment

by:craigbtg
ID: 31502920
Great, thank you very much for your help.  I was hoping there was an inexpensive option.
0

Featured Post

Webinar June 1st - Attacking Ransomware  

The global cyberattack that corrupted hundreds of thousands of computer systems on May 12th had a face, name, & price tag that we’ve seen all too often in recent years: Ransomware. With the stakes – and costs – of a ransomware attack higher than ever, is your business prepared ?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question