Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX501 and DSL Modem

Status
Not open for further replies.
hcclSmokey

hcclSmokey

Technical User
May 9, 2003
23
GB
Hi There

I currently have my PIX501 connected to a DSL Router/Firewall. Am I limiting the funtionality of the PIX by connecting to another firewall ? At the moment I seem to have to make changes in two places for things to work. Would it be better to get a DSL modem and let the PIX do the firewall job ? If so can anyone suggest a DSL modem to purchase...

Thanks
Smokey
 
Sort by date Sort by votes
hcclSmokey,

Yes, it would be better to have just a DSL modem. You are in fact making 2x as much work for yourself. Possible limiting what you can do. But you may not need to purchase anything. In most cases you can set the DSL modem to act like just a modem. Essentially this means turning off NAT, since most "firewalls" are just NAT firewalls, and unlike the PIX or other dedicated firewall devices, do not do other sorts of filtering.

I suggest that you find the manual for your DSLmodem/firewall online and find out how to turn off NATing. You will then have a DSL modem with a routeable address assigned to it. Essentially it will just be a router now. You just give it an "inside(LAN) address" of something like 172.16.254.253 255.255.255.252 and set DHCP to on for the inside(LAN) interface. Then set the PIX up for DHCP on its "outside (WAN) interface". Now your PIX is the only firewall and you can do what you want without the extra steps or restrictions of the other firewall. Alternatly you could set the PIX manually, with an outside address of 172.16.254.254 255.255.255.252 thus completeing your mini subnet of 2 devices and assuring that you will not get routing issues due to that subnet.

One important factor to making this easy is make sure that the subnet used between the DSLmodem/router and the PIX is different from the subnet used for your LAN, or LANs. Since this will cause routing issues. I.E. do not use 192.168.1.X for you LAN and for the subnet between the PIX and the DSL modem. Make sure that the inside and outside addresses of the PIX are not both set to the same numbers for the first 3 octets of their IP address. (1.2.3.4)

Eddie Venus

"These pipes are CLEAN!!" - Chris Elliot (Cabin Boy)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
283
Sameer258
Sameer258
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
245
nnaarrnn
nnaarrnn
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
207
Nitta84
Nitta84
ITSUPPORTIT
  • Locked
  • Question
VPN from ASA 5510 and RV215W problem
Replies
0
Views
78
ITSUPPORTIT
ITSUPPORTIT
texwiz
  • Locked
  • Question
need some help to properly set up, segregate and secure a network with an ASA 5505
Replies
2
Views
99
texwiz
texwiz

Part and Inventory Search

Sponsor

Back
Top