05-31-2007 02:11 AM - edited 03-11-2019 03:23 AM
Hi.
We have a Cisco 800 Broadband router/modem in place providing ADSL broadband connectivity for a small site (acting as the default gateway) but no firewall. I know the 800 has a built-in firewall (currently disabled) but the customer has already bought a Cisco Pix 506 firewall and wants it implemented. I have a few questions.
- Is it worth just using the firewall on the 800 instead? Does it provide the same features as the Pix? (customer requires remote access via VPN client and hosts an Exchange server)
- If the best solution is implementing the Pix, how best should I wire up and configure both devices?
This customer will also be hosting a web server in the near future so any config will need to be able to accommodate this.
The current config on the 800 uses PAT for internal client Internet access and forwards port 25 traffic to their Exchange server.
Also, I've already tried configuring the Pix (inside interface on 800 into outside interface on Pix via an unused switch and making inside interface on Pix the default gateway) and implementing a standard config (attached) but couldn't get it working (could ping internet IP addresses on the Pix but not from a client).
Apologies for the complicated/convoluted nature of this mail - this is a customer I've inherited and I'm trying to make sense of their setup/requirements. This is also my first experience of the 800.
Any help would be greatly appreciated.
Rex
06-04-2007 03:55 AM
No takers? I'm just after some general pointers on how best to proceed. Thanks.
06-04-2007 03:32 PM
I have a few questions.
- Is it worth just using the firewall on the 800 instead? IF YOU HAVE A PIX I WOULD USE IT BEHIND THE 800. Does it provide the same features as the Pix? NO. (customer requires remote access via VPN client and hosts an Exchange server) YOU CAN CONFIGURE PIX FOR THIS.
- If the best solution is implementing the Pix, how best should I wire up and configure both devices. 800---PIX---LAN
This customer will also be hosting a web server in the near future so any config will need to be able to accommodate this. SHOULDN'T BE AN ISSUE.
The current config on the 800 use PAT for internal client Internet access and forwards port 25 traffic to their Exchange server. YOU WILL NEED TO DISABLE PAT AND CONFIGURE PIX OUTSIDE WITH THE APPROPRIATE PUBLIC IP. PIX WILL PAT INTERNAL CLIENTS AND IF YOU STILL HAVE ANOTHER USEABLE PUBLIC IP YOU CAN USE IT FOR THE SERVER.