New to Cisco

Status
Not open for further replies.

aquahalo

Technical User
Aug 17, 2005
13
US
I am new to Cisco firewalls/routers. Can anyone tell me the cheapest firewall/router that will work with 2 different external IPs? What I have is a T1 connection with a static IP that will have a server connected to it and will need to be accessed by the outside world. Then I have a DSL modem (PPPoE) that will be our internal network. Can I have both up and running with a PIX 501?

Thanks for the help.
 
No. The 501 and 506 have only 2 interfaces. You'll need a 515E with an extra interface card; it supports up to 6.
 
Thanks for the response. So the cheapest way to go is to buy a couple of 501s that can act as a firewall/router. Sound about right?
 
Actually the 501 will host multiple external IPs.

The physical interfaces are used for things like a DMZ and aren't related to how many external IPs you can host.
There may be a limit on how many Public IPs you can host on the 501, but I know it will handle two--I tested it.

To set up multiple public IPs on the PIX follow these steps.

Say you have these public IPs:
201.23.1.1 -- Outside interface used for PAT etc.
201.23.1.2 -- Public IP of Web server
And you want to allow HTTP and FTP in on 201.23.1.2 and map it to 10.20.1.36/24 inside.

Do this:

1. Create an ACL allowing the specific port traffic in on the web server's public IP:
access-list 100 permit tcp any host 201.23.1.2 eq 80
access-list 100 permit tcp any host 201.23.1.2 eq 21

2. Apply the ACL to the outside interface:
access-group 100 in interface outside

3. And create a static mapping:
static (inside,outside) 201.23.1.2 10.20.1.36 netmask 255.255.255.255 1000 1000

Now all tcp port 80 and 21 traffic that hits 201.23.1.2 will be sent to 10.20.1.36 inside.

There's a lot more to ACLs. I'm just trying to show how this can be done.

What's ADD again?
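
An added example, not part of the original posts: a small Python audit that reads the three command types used above (written with full keywords) and lists which inside host and port each public IP actually exposes. The function names and the extra 201.23.1.3 rule are constructed for illustration; only the `permit <proto> any host <ip> [eq <port>]` rule form is handled.

```python
import re

# Constructed sample: the post's commands plus one broad rule for a made-up 201.23.1.3.
SAMPLE_CONFIG = """\
access-list 100 permit tcp any host 201.23.1.2 eq 80
access-list 100 permit tcp any host 201.23.1.2 eq 21
access-list 100 permit ip any host 201.23.1.3
access-group 100 in interface outside
static (inside,outside) 201.23.1.2 10.20.1.36 netmask 255.255.255.255 1000 1000
"""

ACL = re.compile(r"access-list (\S+) permit (\S+) any host (\S+)(?: eq (\S+))?$")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)$")
STATIC = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask \S+")
PORT_NAMES = {"www": "80", "ftp": "21", "smtp": "25", "https": "443"}

def parse(config, interface="outside"):
    """Return (permit rules of ACLs bound inbound to `interface`, static map)."""
    rules, bound, statics = [], {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            acl, proto, dst, port = m.groups()
            rules.append((acl, proto, dst, PORT_NAMES.get(port, port)))
        elif m := GROUP.match(line):
            bound[m.group(1)] = m.group(2)
        elif m := STATIC.match(line):
            statics[m.group(3)] = m.group(4)  # public IP -> inside IP
    return [r for r in rules if bound.get(r[0]) == interface], statics

def exposure(config):
    """List (public, inside, proto, port) tuples reachable from outside."""
    rules, statics = parse(config)
    return [(dst, statics[dst], proto, port or "any")
            for _, proto, dst, port in rules if dst in statics]

def findings(config):
    """Flag rules with no port restriction and rules with no static behind them."""
    rules, statics = parse(config)
    out = []
    for acl, proto, dst, port in rules:
        if port is None:
            out.append(f"{dst}: acl {acl} permits all {proto} traffic, no port restriction")
        if dst not in statics:
            out.append(f"{dst}: permitted by acl {acl} but has no static mapping")
    return out

if __name__ == "__main__":
    for row in exposure(SAMPLE_CONFIG) + findings(SAMPLE_CONFIG):
        print(row)
```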
 
TAC says the 501 will support 32 public IPs when you have the 10-user license. OK...

Also:
The 501 comes in 10, 50, and unlimited-user licenses.
Make sure you get the one that will support the number of internal users that will be simultaneously connecting to the Internet at any given time. And get the 3DES encryption--if it's legal for you to--it's no extra charge.

What's ADD again?
 
Correction.

I questioned the 32 public IP answer--it just didn't seem right--and found out that the 501 will support unlimited public IPs--but you can only have connections coming in equal to your license.

Hope that helps.

What's ADD again?
 