Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
733
Views
5
Helpful
11
Replies

Getting Started with PIX 506

Go to solution
srberg5219
Level 1
Level 1

‎03-21-2007 08:23 AM - edited ‎03-11-2019 02:50 AM

First of all, thank you for remembering when you first started with PIX appliances...

I recently purchased a pre-owned PIX 506 running software version 5.1(2). I am currently unable to upgrade this software since I do not have the apprpriate 'service contract', so I am stuck with this software version.

Although I did receive the manual 'Configuration Guide for the Cisco PIX Firewall Version 5.1', I am a bit lost with this firewall.

My network:

ADSL Router (ISP Provided) =>PIX=>Switch=>Network

Subnet: 192.168.254.0/24

Netmask: 255.255.255.0

Static External IP assigned by ISP:74.41.202.106

Questions:

1) The 'inside' interface should be a LAN assigned IP? (Ex. 192.168.254.3)

2) What should the 'outside' interface be set to?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
vitripat
Level 7
Level 7
In response to srberg5219

‎03-21-2007 09:20 AM

So I should set the following:

1) Inside Interface IP: 192.168.254.2

- Yes.

2) Outside Interface IP: 192.168.254.3

- No. The outside interface and inside interface cannot be in same subnet. You should use 74.41.202.106 on the outside interface of PIX and connect the outside interface to the ADSL modem.

3) PIX Gateway IP:192.168.254.1 (since this is the LAN IP of the router)

- Not sure where is this router placed. Is your ISP terminating currently on this router? What type of connection do you have .. PPPoE/PPPoA/DSL etc?

Also, it seems that you already have a network setup with ISP terminating on the router and internal network connected to the 192.168.254.1 interface. Now you are trying to place a PIX in between. Let me know if this is the situation.

Regards,

Vibhor.

View solution in original post

0 Helpful
11 Replies 11

Go to solution
vitripat
Level 7
Level 7

‎03-21-2007 08:34 AM

Questions:

1) The 'inside' interface should be a LAN assigned IP? (Ex. 192.168.254.3)

- Yes, inside interface should be in 192.168.254.0/24 subnet. You can choose any free IP and make it as the gateway for the internal network.

2) What should the 'outside' interface be set to?

- "Static External IP assigned by ISP:74.41.202.106", as this is the IP given to you by your ISP, this should be on the outside interface of PIX. However, they must have also provided the subnet mask and the gateway IP. Please use the subnet mask while configuring IP address on outside interface, and use the gateway_IP as such:

route outside 0 0 gateway_ip

With this command in, PIX will know where to route traffic for internet.

Hope that helps.

Regards,

Vibhor.

0 Helpful

Go to solution
huynhkhay
Level 1
Level 1

‎03-21-2007 08:36 AM

Hi,

1) correct

2) If 74.41.202.106 is the ADSL router address, you should set the "outside" interface to an address in the same subnet of your ADSL Router. And your default gateway on your PIX will be the ADSL Router.

Hope it helps

0 Helpful

Go to solution
srberg5219
Level 1
Level 1
In response to huynhkhay

‎03-21-2007 09:10 AM

Here is my subnet structure:

Router LAN IP: 192.168.254.1

* 74.41.202.106 IP is the static IP I lease from my ISP for access to my web servers/email servers FROM the internet.

So I should set the following:

1) Inside Interface IP: 192.168.254.2

2) Outside Interface IP: 192.168.254.3

3) PIX Gateway IP:192.168.254.1 (since this is the LAN IP of the router)

My gartitude ahead of time...

0 Helpful

Go to solution
vitripat
Level 7
Level 7
In response to srberg5219

‎03-21-2007 09:20 AM

So I should set the following:

1) Inside Interface IP: 192.168.254.2

- Yes.

2) Outside Interface IP: 192.168.254.3

- No. The outside interface and inside interface cannot be in same subnet. You should use 74.41.202.106 on the outside interface of PIX and connect the outside interface to the ADSL modem.

3) PIX Gateway IP:192.168.254.1 (since this is the LAN IP of the router)

- Not sure where is this router placed. Is your ISP terminating currently on this router? What type of connection do you have .. PPPoE/PPPoA/DSL etc?

Also, it seems that you already have a network setup with ISP terminating on the router and internal network connected to the 192.168.254.1 interface. Now you are trying to place a PIX in between. Let me know if this is the situation.

Regards,

Vibhor.

0 Helpful

Go to solution
acomiskey
Level 10
Level 10
In response to vitripat

‎03-21-2007 09:23 AM

diagram is in his first post. it appears to be adsl router not modem. I assume 74.41.202.106 is the address on outside of router so he cannot make this pix outside.

0 Helpful

Go to solution
srberg5219
Level 1
Level 1
In response to acomiskey

‎03-21-2007 09:30 AM

acomiskey is correct...

0 Helpful

Go to solution
srberg5219
Level 1
Level 1
In response to vitripat

‎03-21-2007 09:29 AM

This firewall is being integrated into an existing network where the router's IP (192.168.254.1) was set as the 'Default Gateway' on workstations and servers (Windows based) and as the 'forwarding' address in Windows DNS.

Physically, here is my layout before PIX:

===Internet===

|

|

===Router=== (LAN IP of 192.168.254.1)

|

|

===Switch=== (unmanaged)

|

|

===Network=== (Web/Email servers-IPs set)

I am placing my PIX AFTER the router:

===Internet===

|

|

===Router=== (LAN IP of 192.168.254.1)

|

|

===PIX 506===

|

|

===Switch=== (unmanaged)

|

|

===Network=== (Web/Email servers-IPs set)

**Connection type is PPPoA

0 Helpful

Go to solution
vitripat
Level 7
Level 7
In response to srberg5219

‎03-21-2007 09:36 AM

Thanks for the updates. However, in this scenario, we will have some major changes ..

As I mentioned earlier, outside and inside interfaces of PIX cannot be in same subnet, thus, if we place PIX in between, we will have to change the network addressing on whole internal network.

LAN IP of router will remain 192.168.254.1, which will also be the gateway IP of the PIX. You can assigne PIX outside interface any free IP in the same subnet. Now we need to give inside interface a totally new subnet and whole of your internal network will also be in the same new subnet as of PIX's inside interface. Let me know if this suits you.

Regards,

Vibhor.

Go to solution
srberg5219
Level 1
Level 1
In response to vitripat

‎03-21-2007 09:46 AM

So if I understand correctly, this will be my setup:

1)Router IP: 192.168.254.1

2)PIX OUTSIDE interface: 192.168.254.2

3)PIX INSIDE Interface AND whole internal network: New subnet of 192.168.253.0/24.(or whatever new subnet I want to assign)

0 Helpful

Go to solution
acomiskey
Level 10
Level 10
In response to srberg5219

‎03-21-2007 11:29 AM

If it were me, I would ditch the dsl router, get a dsl modem, assign 74.41.202.106 to the outside of pix, 192.168.254.1 to inside and be done with it. Then you won't have to change anything on the inside. Unless of course, you need an outside router. And it may have been easier to just change the transport network between the outside router and pix, rather than change your inside network.

0 Helpful

Go to solution
srberg5219
Level 1
Level 1
In response to acomiskey

‎03-21-2007 01:16 PM

My gratitude for everyone's time...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card