[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Configure Cisco Pix 515 as a router

Posted on 2009-05-19
11
Medium Priority
?
533 Views
Last Modified: 2012-05-07
Does someone know how to configure a Cisco pix 515 running firmware 6.3 as a router???

Basically, I got Wan address and a 16 block lan address from my ISP.  The 16 block lan address needs to be accessible from the internet.  

thansk
0
Comment
Question by:pamiken
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 13

Expert Comment

by:Quori
ID: 24427951
Out of curiosity, does that 'LAN' address start with 10, 192 or 172?
0
 
LVL 4

Author Comment

by:pamiken
ID: 24428603
No, the "lan" address is not from the private subnets.  They are internet addressable.  My WAN address they gave was a 216.x.x.x and the "lan" is 64.x.x.x.  

Basically, the ISP says that I need to router to use the lan 16 block.  

This is something new to me as we just purchased business ethernet which I guess is the newest ISP technology.  Whenever I purchased T1's or DSL, the ISP usually gave me a 16 block and I use one of the "lan" addresses on my firewall.  I guess with business ethernet, they take it one step back and require the customer to have a router.  I was just hoping my spare pix could do it without me buying a router.
0
 
LVL 13

Expert Comment

by:Quori
ID: 24428644
Which means they would be wanting to run a routing protocol with their PE and your CPE?

If not, then chances are they just have the range routed via next-hop to your WAN IP and you can set it up as you have in the past.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 4

Author Comment

by:pamiken
ID: 24428664
Correct, you want to run routing protocol on our cpe.  Do you know how to configure the pix to perform routing functions???  I'm pretty sure it's doable, I just don't know the commands, whether to use ospf, rip, eigrp or multicast.
0
 
LVL 13

Expert Comment

by:Quori
ID: 24428679
0
 
LVL 4

Author Comment

by:pamiken
ID: 24428720
Here's the email I got from my ISP.  I've changed the ips for security

Customer Gateway: 216.1.1.1
Useable Range: 216.1.1.2 - 216.1.1.14
Customer Subnet Mask: 255.255.255.240
Primary DNS Server: 3.3.3.3
Secondary DNS Server: 4.4.4.4

Keep in mind that a direct connection to the Hatteras from a computer requires a cross over ethernet cable. Remember you will need to use your own router. Please use the following IPs on the "LAN" side of your router.
 
WAN Subnet Mask: 255.255.255.252
Network Side: 65.1.1.1
Customer Side: 65.1.1.2
Primary DNS Server: 3.3.3.3
Secondary DNS Server: 4.4.4.4

This is what I have configured on the Pix
I have 65.1.1.2 on the external interface of the pix and 216.1.1.1 on the internal interface of the pix.

Is the only command I need

route outside 0 0 65.1.1.2 1
0
 
LVL 13

Expert Comment

by:Quori
ID: 24428731
That would be creating a default route for internet transit.

The email from the ISP doesn't cover our the 216 range is going to be advertised. From what you say, they are wanting you to run a routing protocol to advertise the range yourself. If it is routed for you in the ISP routing tables then you simply need a default route towards the ISP (though, you'd need to change it to 65.1.1.1 to specify the ISP end of the link as the next hop).

The PIX will automatically perform routing for its connected interfaces. Anything else you need it to route, it needs routes to (be it static or dynamic).

Be sure to exclude your 216 range from any NAT you have going on.
0
 
LVL 4

Author Comment

by:pamiken
ID: 24428761
Then do I use the command

route outside 0 0 65.1.1.2.1

then to eliminate nat, my default config has nat (inside) 0.0.0.0 0.0.0.0 0 0
should I just "no" that command out???

thanks
0
 
LVL 4

Author Comment

by:pamiken
ID: 24428783
I think what will help the most is if you could provide is a config.  Thanks for all your help.
0
 
LVL 13

Assisted Solution

by:Quori
Quori earned 400 total points
ID: 24428795
I'll throw one together as soon as I can.
0
 
LVL 4

Accepted Solution

by:
pamiken earned 0 total points
ID: 24446572
I ended up just using a linksys firewall and putting that into router mode.  I wanted to give you some points for helping though.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
As managed cloud service providers, we often get asked to intervene when cloud deployments go awry. Attracted by apparent ease-of-use, flexibility and low computing costs, companies quickly adopt leading public cloud platforms such as Amazon Web Ser…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question