Very Simple Pix - Router Question??

Status
Not open for further replies.

deeter911

Technical User
Sep 4, 2003
4
US
I currently have a Cisco 2600 Router with IOS Firewall Feature Set. I am installing a Pix 515E behind it to take over the "filtering" processes.

I (obviously) have a public IP address XXX.162.80.2 on my Serial interface, with 192.168.100.1 on my ethernet.

My question is, when I put the Pix behind the router, what does the "outside" address of the Pix (the Router to Pix network) have to be: public or private addressing? In other words, I don't have any more public addresses/networks to use so my only choice is say a 10.x.x.x. If I do this do I have to NAT on my firewall for the internal (192) AND NAT again on the router to get out over the internet???? OR will the pix just pass the 192. traffic over the 10. network to the router with static routes I define?

Thanks
 
You could configure NAT (inside) 0 on the PIX so it does not NAT your LAN. The outside interface should be on the same subnet as the router's ethernet port.
You could also NAT on both PIX and router; you shouldn't experience any issues with this configuration.
 
Mut thanks, appreciate it.

-Was wondering if I don't NAT the LAN addresses, will they just be NATed at the router, if I configure the router to do so? In other words I know that the pix is NOT a router, will it just forward the outbound traffic to the ethernet port on the router to get out?
 
The PIX will forward the LAN IP addresses to the router which will NAT these IP addresses to the public IP address. You need to configure a default route on the PIX pointing to the router and the "nat (inside) 0 ..." command which will bypass NAT on the PIX.
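
The setup described in the reply above, written out as an added configuration sketch (not posted by anyone in this thread). Assumptions: a 10.1.1.0/24 transit subnet with the router at 10.1.1.1 and the PIX outside interface at 10.1.1.2, the PIX inside interface taking over 192.168.100.1, PIX OS 6.x syntax, and the router interface names shown.

```cisco
: ---- PIX 515E (PIX OS 6.x syntax; ":" starts a comment line) ----
: Assumed transit subnet between router and PIX: 10.1.1.0/24
ip address outside 10.1.1.2 255.255.255.0
ip address inside 192.168.100.1 255.255.255.0
: Identity NAT: LAN hosts leave the PIX with their own 192.168.100.x source
nat (inside) 0 192.168.100.0 255.255.255.0
: Default route pointing at the router's ethernet address
route outside 0.0.0.0 0.0.0.0 10.1.1.1 1

! ---- Cisco 2600 (IOS; interface names are assumptions) ----
! Ethernet side moves from the LAN subnet to the transit subnet
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
! Serial side keeps its existing public address
interface Serial0/0
 ip nat outside
!
! Return path: the LAN is no longer directly connected to the router
ip route 192.168.100.0 255.255.255.0 10.1.1.2
!
! Translate the un-NATed LAN (and the PIX outside address) to the serial address
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit host 10.1.1.2
ip nat inside source list 1 interface Serial0/0 overload
```

With this in place, `show ip nat translations` on the router should list 192.168.100.x hosts as inside local addresses, confirming that translation happens only once, at the router.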
 
Mut- much appreciated again for taking the time.

Last thing:

Does any of this change if I want to use my PIX for VPN termination? Can I just static NAT map a public address to the "outside" address of my PIX on my router?

THANKS AGAIN! You're a big help.
 
If you end VPN tunnels on the PIX then you need to statically map the outside interface to a public IP address on the router. It should not affect your LAN addresses.
 
I personally would try to get a few PUBLIC IPs for your ethernet side of the router, then assign publics to the pix itself.

It'll save you hassle in the long run


buckweet
 
Yeah Buckweet, that's what I was thinking. Except that means getting / buying an entire other subnet from my ISP, right?

Do you think it's a big problem if I do the private between the two (Pix/Router), and the private inside?

 