Solved

Configure Cisco Pix 515 as a router

Posted on 2009-05-19
Last Modified: 2012-05-07
Does someone know how to configure a Cisco PIX 515 running firmware 6.3 as a router???

Basically, I got a WAN address and a 16 block LAN address from my ISP.  The 16 block LAN address needs to be accessible from the internet.

Thanks
0
Question by:pamiken
11 Comments
 
LVL 13

Expert Comment

by:Quori
ID: 24427951
Out of curiosity, does that 'LAN' address start with 10, 192 or 172?
0
 
LVL 4

Author Comment

by:pamiken
ID: 24428603
No, the "lan" address is not from the private subnets.  They are internet addressable.  My WAN address they gave was a 216.x.x.x and the "lan" is 64.x.x.x.  

Basically, the ISP says that I need a router to use the LAN 16 block.

This is something new to me as we just purchased business ethernet which I guess is the newest ISP technology.  Whenever I purchased T1's or DSL, the ISP usually gave me a 16 block and I use one of the "lan" addresses on my firewall.  I guess with business ethernet, they take it one step back and require the customer to have a router.  I was just hoping my spare pix could do it without me buying a router.
0
 
LVL 13

Expert Comment

by:Quori
ID: 24428644
Which means they would be wanting to run a routing protocol with their PE and your CPE?

If not, then chances are they just have the range routed via next-hop to your WAN IP and you can set it up as you have in the past.
0
 
LVL 4

Author Comment

by:pamiken
ID: 24428664
Correct, you want to run routing protocol on our cpe.  Do you know how to configure the pix to perform routing functions???  I'm pretty sure it's doable, I just don't know the commands, whether to use ospf, rip, eigrp or multicast.
0
 
LVL 13

Expert Comment

by:Quori
ID: 24428679
0
 
LVL 4

Author Comment

by:pamiken
ID: 24428720
Here's the email I got from my ISP.  I've changed the ips for security

Customer Gateway: 216.1.1.1
Useable Range: 216.1.1.2 - 216.1.1.14
Customer Subnet Mask: 255.255.255.240
Primary DNS Server: 3.3.3.3
Secondary DNS Server: 4.4.4.4

Keep in mind that a direct connection to the Hatteras from a computer requires a cross over ethernet cable. Remember you will need to use your own router. Please use the following IPs on the "LAN" side of your router.
 
WAN Subnet Mask: 255.255.255.252
Network Side: 65.1.1.1
Customer Side: 65.1.1.2
Primary DNS Server: 3.3.3.3
Secondary DNS Server: 4.4.4.4

This is what I have configured on the Pix
I have 65.1.1.2 on the external interface of the pix and 216.1.1.1 on the internal interface of the pix.

Is the only command I need

route outside 0 0 65.1.1.2 1
0
 
LVL 13

Expert Comment

by:Quori
ID: 24428731
That would be creating a default route for internet transit.

The email from the ISP doesn't cover how the 216 range is going to be advertised. From what you say, they are wanting you to run a routing protocol to advertise the range yourself. If it is routed for you in the ISP routing tables then you simply need a default route towards the ISP (though, you'd need to change it to 65.1.1.1 to specify the ISP end of the link as the next hop).

The PIX will automatically perform routing for its connected interfaces. Anything else you need it to route, it needs routes to (be it static or dynamic).

Be sure to exclude your 216 range from any NAT you have going on.
0
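
A PIX 6.3 configuration matching the advice in the comment above, added here as an example and not part of the original thread. It uses the sanitized addresses from the ISP email; the interface roles, the ACL names `nonat` and `outside_in`, and the published web server at 216.1.1.2 are assumptions for illustration.

```cisco
: Added example, not from the thread. Addresses are the sanitized ones posted above.
: Interface names and security levels (assumed: ethernet0 faces the ISP)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
interface ethernet0 auto
interface ethernet1 auto

: /30 link to the ISP on outside, first address of the routed /28 on inside
ip address outside 65.1.1.2 255.255.255.252
ip address inside 216.1.1.1 255.255.255.240

: Default route: the next hop is the ISP end of the /30 (65.1.1.1),
: not the PIX's own outside address (65.1.1.2)
route outside 0.0.0.0 0.0.0.0 65.1.1.1 1

: Exempt the public /28 from NAT so hosts keep their routable addresses.
: The access-list form of nat 0 lets connections start from either side,
: subject to the ACL applied on the outside interface below.
access-list nonat permit ip 216.1.1.0 255.255.255.240 any
nat (inside) 0 access-list nonat

: Traffic from outside to inside is denied unless an ACL permits it.
: Publish only what is needed (assumed: one web server at 216.1.1.2).
access-list outside_in permit tcp any host 216.1.1.2 eq www
access-group outside_in in interface outside
```

This relies on the ISP routing 216.1.1.0/28 to 65.1.1.2 on its side, which is the open question in the thread. Hosts behind the PIX would use 216.1.1.1 as their default gateway.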
 
LVL 4

Author Comment

by:pamiken
ID: 24428761
Then do I use the command

route outside 0 0 65.1.1.2.1

then to eliminate nat, my default config has nat (inside) 0.0.0.0 0.0.0.0 0 0
should I just "no" that command out???

thanks
0
 
LVL 4

Author Comment

by:pamiken
ID: 24428783
I think what will help the most is if you could provide a config.  Thanks for all your help.
0
 
LVL 13

Assisted Solution

by:Quori
Quori earned 400 total points
ID: 24428795
I'll throw one together as soon as I can.
0
 
LVL 4

Accepted Solution

by:
pamiken earned 0 total points
ID: 24446572
I ended up just using a Linksys firewall and putting that into router mode.  I wanted to give you some points for helping though.
0
