Posting about my final work again.
This past weekend I had an opportunity to try and test the switch and firewall at home on my DSL line.
The aim was to see whether I could get the PIX to work with my ADSL modem/connection normally.
My first attempt was to put my DSL modem into bridged mode so it would pass the IP address from the ISP to the PIX. After following the instructions from the manufacturer to enable bridged mode on the modem, the PIX eventually got the IP address from the ISP. However, I didn't get any kind of connection outwards whatsoever.
I had both the switch and firewall pointing all traffic towards the outside interface of the firewall. I had my ISP's DNS servers' IP addresses configured and I had allowed this traffic from the network.
Has anyone got any past experience of using a simple DSL modem in front of a PIX as a means to connect to the internet? Are there some specific things I need to configure in the PIX to allow the connection to work properly?
I did try another scenario where the modem was working in its default state (routing). With this I got the connection working pretty flawlessly. I could access sites outside my network and could use services that I had enabled in the PIX access-lists. Only, if I'd use this setup in the end, I would have to use some port forwarding to get certain connections all the way to my inside network, which in itself ain't a problem.
To sum it up, I'm asking:
1.) Are there some specific things I need to allow on the PIX outside interface to get it working with my ISP and the DSL modem that is in bridged mode, passing the IP directly to the PIX?
(I had some constant UDP traffic/requests blocked on the outside interface. The IP address range was from the ISP, I think, but the port was UDP/778, which is unknown to me at least.)
2.) Is using the modem in routing mode in front of the PIX in any way a bad practice? Since I got it working this way, I'll probably end up using it if I can't correct the behaviour of my original setup.
Any suggestions and advice on the above matters are highly appreciated.
- Jouni Forss
To my mind, the only thing you need is to get your PIX to grab your public IP address through your bridged modem.
Then you enable NAT/Global on your inside/outside interfaces and add a default gateway (if not set up via DHCP) via your DSLAM IP address.
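
The steps from the reply above, written out as an added configuration sketch that is not part of either post. It assumes PIX OS 6.x command syntax, interfaces named `inside` and `outside`, and an ISP that hands out the address by DHCP over the bridge; `<ISP_GATEWAY_IP>` is a placeholder, and lines starting with `!` are annotations for the reader, not commands.

```cisco
! 1. Outside interface takes its address from the ISP through the bridged modem.
!    "setroute" installs the default route learned from the DHCP lease.
ip address outside dhcp setroute

! 2. Translate all inside hosts (PAT) to whatever address the outside
!    interface currently holds.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

! 3. Only if the lease did not supply a default route, add it by hand.
!    <ISP_GATEWAY_IP> is a placeholder for the ISP-side gateway address.
! route outside 0.0.0.0 0.0.0.0 <ISP_GATEWAY_IP> 1

! Checks after applying:
!   show ip address outside dhcp lease   (address, mask and lease state)
!   show route                           (a 0.0.0.0 entry on outside must exist)
!   show xlate                           (translations appear once inside hosts send traffic)
```

If the interface has an address but `show route` has no default entry or `show xlate` stays empty, outbound traffic has no path or no translation, which matches the symptom of a leased address with no outward connectivity. Unsolicited inbound traffic denied on the outside interface is the firewall's default behaviour and does not by itself explain a failure of outbound connections.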