Hey i just hook up with a Cisco PIX 501 and I wish to add to my current home setup. My internet access is through a DSL line which goes into my 2621 router. My question is how would i place the PIX? I still want my 2621 for internet access but I want the PIX to be the firewall. My desire setup DSL, 2621, PIX, 2900 switch. Anybody have ideas on infrastruture, thanks.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Cisco PIX 501 10-user/3DES bundle
- Thread starter 12122053
- Start date
jevansau99
MIS
I think you've got the right idea. Can you tell me what interfaces you have on the 2621? You'll basically keep your Internet/dsl connection the same, with your WIC connecting to the DSL modem. What will change is the gateway of your internal network. You'll need an ethernet port on your router, which you prob. already have, and the PIX is going to plug into that. You'll also need an extra IP address from your ISP for the PIX external IF - preferably in the same subnet. You'll make your default route on the PIX the IP address of your router, and you'll make the default route of your internal devices connected to the 2900 the IP address of the PIX internal IF. of course, there are many more things to consider, such as security level, access lists, etc. but this should help you get started!
p.s. Someone please correct me if I'm wrong about needing an extra external IP address for the PIX Outside IF, but this is the only way I've ever done it/seen it.
p.s. Someone please correct me if I'm wrong about needing an extra external IP address for the PIX Outside IF, but this is the only way I've ever done it/seen it.
- Thread starter
- #3
Will the router still be doing NAT or PIX? I have 2 fastethernet interfaces on my 2621. Im using one for the DSL line and the other for my internal LAN. Do i still plug the PIX in one of the ethernet ports? Im assuming the internal port. Thanks for the advice, anybody else
jevansau99
MIS
what? my advice is not good enough 
. You'll def. want your PIX to handle the NAT from now on, not the router. Yes, you'll plug the PIX into one of your router's Eth ports for your internal LAN. specifically, you'll plug an Eth cable from the "outside" interface on the PIX to the "internal" port on the router. you'll then plug the 2900 into the "internal" IF on the PIX, and your gateway on all your devices now becomes this IF. remember to set your security higher for your internal IF on the PIX. hope this helps.
jason "No hacker is worth missing a Dead concert for" - c.s.
. You'll def. want your PIX to handle the NAT from now on, not the router. Yes, you'll plug the PIX into one of your router's Eth ports for your internal LAN. specifically, you'll plug an Eth cable from the "outside" interface on the PIX to the "internal" port on the router. you'll then plug the 2900 into the "internal" IF on the PIX, and your gateway on all your devices now becomes this IF. remember to set your security higher for your internal IF on the PIX. hope this helps.jason "No hacker is worth missing a Dead concert for" - c.s.
- Thread starter
- #5
jevansau99
MIS
huh. only 1 interface?? i'm def. not the most experienced guy out here, but i have never seen a PIX w/ only one interface?? the whole point of the pix is to provide you with external/internal security by becoming the "medium" - i have only worked with PIX 515/530, but I read the technical specs for the 501 and it says you should have this:
Interfaces
Console Port: RS-232 (RJ-45) 9600 baud
Outside: Integrated 10BaseT port, half-duplex, RJ45
Inside: Integrated auto-sensing, auto-MDIX 4-port 10/100 switch, RJ45
are you sure about that one interface?
jason "No hacker is worth missing a Dead concert for" - c.s.
Interfaces
Console Port: RS-232 (RJ-45) 9600 baud
Outside: Integrated 10BaseT port, half-duplex, RJ45
Inside: Integrated auto-sensing, auto-MDIX 4-port 10/100 switch, RJ45
are you sure about that one interface?
jason "No hacker is worth missing a Dead concert for" - c.s.
- Thread starter
- #7
jevansau99
MIS
i think you got some bad info. the 4 port switch from what i understood is your internal connection(s). you can always plug another switch to one of those ports though if you wish. "No hacker is worth missing a Dead concert for" - c.s.
- Status