PIX port forwarding or router port forwarding?

[mcorrow]

A question for the Cisco Tech folks. I have my T1 router set up to forward requests to internal servers based upon ports. I just got my PIX 501 working, and would like to plan to add that to my LAN between the router and the switch... When I move the PIX firewall so that it is now protecting all of the LAN, can I leave the port forwarding on the router, or do I need to move that function to the PIX? If either one could do it, is there a reason that it would be better done by the PIX?

(Thanks for all your help!)

 

[LloydSev]

Well if you are using NAT on the router, you should leave the port forwarding on the router.

Computer/Network Technician
CCNA

 

[mcorrow]

LloydSev: Yes, I am using NAT on the router. Based on your expertise, I'll leave it on the router. Thanks for your help!

 

[LloydSev]

Yes, you would leave the port forwarding on the device performing NAT.. (in your case the router), then you would just allow the port to the specified machine via access-lists on the PIX device.

Computer/Network Technician
CCNA

 

[mcorrow]

LloydSev: Thanks for that pointer! I had not thought about that, I'll get that set up before moving the machines...

again, thanks!