An organization I do some contract work for is thinking about installing a firewall.
Currently they are using a Cisco 1601 router and MS Proxy Server... what I think they need is a PIX 501, but I am not sure about the setup. From looking at Cisco's site, this is my understanding:
The router (1601) stays where it is, and it has the following config:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname xxxxx
!
!
interface Ethernet0
 ip address xxx.xxx.xxx.91 255.255.255.224
!
interface Serial0
 ip address xxx.xxx.xxx.118 255.255.255.252
!
no ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.117
!
line con 0
line vty 0 4
 password xxxxxxxxxx
 login
!
end
I would unplug the Ethernet cable that goes from the router to the switch at the switch end and plug it into the PIX, give the port I plugged it into on the PIX an external address and the other Ethernet port on the PIX an internal address... Then on the clients that were using the proxy I would need to change DHCP to have the gateway as the internal address of the PIX.
Does this sound correct?
Thanks
What about mail and web servers? I know I need to do fixup, but if the servers are behind the PIX I assume I need to do NAT or something.
thanks
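
The layout described in the post, written out as a PIX 6.x configuration sketch. This is an added example, not part of the original post and not a Cisco reference config. Assumptions: 192.0.2.64/27 is a constructed stand-in for the redacted xxx.xxx.xxx.64/27 network on the router's Ethernet0, 192.168.1.0/24 is a hypothetical inside LAN, the server addresses and the access-list name outside_in are invented for illustration, and lines starting with ":" are annotations.

```cisco
: --- Interfaces: ethernet0 faces the 1601, ethernet1 faces the switch ---
nameif ethernet0 outside security0
nameif ethernet1 inside security100
: Outside address must come from the same /27 as the router's Ethernet0
: (router is .91, so usable hosts are .65 through .94; .90 is constructed).
ip address outside 192.0.2.90 255.255.255.224
: Inside address becomes the default gateway handed out by DHCP.
ip address inside 192.168.1.1 255.255.255.0
:
: --- Default route points at the 1601's Ethernet0 address ---
route outside 0.0.0.0 0.0.0.0 192.0.2.91 1
:
: --- Outbound: clients share the PIX outside address (PAT) ---
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface
:
: --- Inbound: one-to-one static NAT for each published server ---
: Public addresses are taken from the same /27; private ones are hypothetical.
static (inside,outside) 192.0.2.70 192.168.1.10 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.71 192.168.1.11 netmask 255.255.255.255 0 0
:
: --- Inbound policy: nothing reaches a static until an ACL permits it ---
: Permit only the service each server publishes; everything else from
: outside is dropped by the implicit deny at the end of the list.
access-list outside_in permit tcp any host 192.0.2.70 eq smtp
access-list outside_in permit tcp any host 192.0.2.71 eq www
access-group outside_in in interface outside
:
: --- Application inspection for the published protocols ---
fixup protocol smtp 25
fixup protocol http 80
```

The static entries only create the address mapping; the access-list bound to the outside interface is what decides which ports are reachable, so keep it limited to the services actually published.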