Cisco PIX/Router with cable connection

Status
Not open for further replies.

schroednic

IS-IT--Management
Nov 18, 2008
US
Hi all;

Have a question regarding Cisco gear on a Cox cable connection.

We currently have a couple of data T-1's going to Cisco 26xx routers and then to Cisco PIX.
I am bringing in a faster data pipe with a cable connection and removing one of the T-1's.

My question is: Can I just run an Ethernet cable from the newly installed cable modem to my PIX and configure it from there, or do I need the router (26xx) in between?

Thanks in advance, Steve
 
You could run it directly to the PIX but then you will have to make the PIX more of a "router". If you went with that setup then how would you configure routing on the PIX? It sounds like you would now have two devices attached to the Internet (multihomed). In other words, when an inside resource wants to access the Internet, what path will the PIX choose? Cable modem or 2600? If you do not explicitly define the route to the Internet resource then it will take the default path.

Why can't you connect the cable modem to an ethernet port off the 2600 series?

On the other hand, if one of the T1s is only used for a branch office then you could go with the Cable modem --> PIX setup then define a specific route on the PIX to the office. Everything else would default to the cable modem.

More info. would help here. Thanks.
 
Thanks for the reply.

Ok let's just concentrate on ONE of the T-1's with the cable modem and PIX 506e. Forget about the other T-1 as it's not going to be associated with the office data in or data out.

Yes, I could just connect an ethernet cable from the cable modem to the 2600 and then to the PIX.
However, I would like to edit the config file on the PIX to just connect to the cable modem. So this would be the setup:

CABLE MODEM --> PIX --> SWITCH

Let me know if you wish a post of my current PIX config.

Thanks for your help, Steve
 
Post a scrubbed config if you like. If I'm understanding you right though, all you will need is a default route pointing to the cable modem:
Code:
route <outside or interface name> 0 0 <inside ip address of cable modem>
What interface will the cable modem connect to on the PIX? And what is the role of the other active T1?
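
The route choice discussed in the replies above (a specific route to the branch office, everything else following the default route to the cable modem), as an added Python example that is not part of the original thread. It models selection as longest-prefix match with the lowest metric winning ties; the addresses and the `branch` interface name are constructed for illustration.

```python
import ipaddress

# Constructed sample using documentation addresses; "branch" is a hypothetical
# interface name. The "0 0" shorthand is the form used in the reply above.
SAMPLE_CONFIG = """\
route outside 0 0 203.0.113.1 1
route branch 10.20.0.0 255.255.0.0 192.0.2.2 1
"""

def parse_routes(config):
    """Parse 'route <if> <net> <mask> <gateway> [metric]' lines into dicts."""
    routes = []
    for line in config.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "route":
            continue
        # "0" abbreviates 0.0.0.0 for both the network and the mask.
        net = "0.0.0.0" if fields[2] == "0" else fields[2]
        mask = "0.0.0.0" if fields[3] == "0" else fields[3]
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        routes.append({
            "interface": fields[1],
            "network": ipaddress.ip_network(f"{net}/{prefix}"),
            "gateway": fields[4],
            "metric": int(fields[5]) if len(fields) > 5 else 1,
        })
    return routes

def select_route(routes, destination):
    """Longest-prefix match, lowest metric on ties; None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in r["network"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["network"].prefixlen, r["metric"]))

def default_routes(routes):
    """Default routes present; more than one means the exit path needs review."""
    return [r for r in routes if r["network"].prefixlen == 0]

if __name__ == "__main__":
    table = parse_routes(SAMPLE_CONFIG)
    for dest in ("10.20.5.9", "198.51.100.7"):
        chosen = select_route(table, dest)
        print(dest, "->", chosen["interface"], "via", chosen["gateway"])
    print("default routes:", len(default_routes(table)))
```
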
 
Here is my current but "parsed" config file. I left out the access lists and static routes (NAT).

Let me know what you think.
Thanks, Steve



PIX Version 6.3(4)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100

no fixup protocol dns
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
no fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
no fixup protocol tftp 69
names

pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside <PUBLIC IP> 255.255.255.0
ip address inside <PRIVATE IP> 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 192.168.200.10-192.168.200.245
pdm history enable
arp timeout 14400
global (outside) 1 <PUBLIC IP RANGE>
nat (inside) 0 access-list 102
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-group outside_in in interface outside
access-group inside_out in interface inside
route outside 0.0.0.0 0.0.0.0 <PUBLIC IP> 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
timeout 30
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable

telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group inet1 accept dialin pptp
vpdn group inet1 ppp authentication pap
vpdn group inet1 ppp authentication chap
vpdn group inet1 ppp authentication mschap
vpdn group inet1 client configuration address local vpnpool
vpdn group inet1 client configuration dns 192.168.100.9 192.168.100.10
vpdn group inet1 client configuration wins 192.168.100.1
vpdn group inet1 client authentication aaa RADIUS
vpdn group inet1 pptp echo 60
vpdn enable outside
terminal width 80
 