Passing internal MAC addresses through a PIX firewall?

May 6th, 2008

Is it possible to pass a device's MAC address through a Cisco PIX firewall?


Here's my situation: We've just had new security camera digital video recorders installed. The DVRs are on our internal network, behind the firewall.


Campus Security (outside the firewall) need to access these DVRs.


I've set up a static IP mapping on the PIX, and ACLs. But apparently the CCTV software also needs to see the MAC address of the DVRs to identify them. As things stand, the software is only getting the MAC address of the firewall.


I've Googled and read the Cisco site, but haven't found anything that says this can be done.


Is it possible for the PIX to pass an internal device's MAC address to outside hosts?


It's a Cisco PIX 515E, running software version 7.2


Thanks.

Jon Marshall Wed, 05/07/2008 - 11:41
David


You would need to run your PIX in transparent mode, i.e. the PIX acts as a layer bridge between 2 VLANs but you can still filter the traffic. Obviously this would have a huge knock-on effect if you are currently running in routed mode, but that is the only way I know of achieving what you want.


http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwmode.html#wp1201980


As a further point: your PIX device should support contexts, so you may be able to use a separate context for the transparent firewall. I have only used contexts on the FWSM v2.x code and you couldn't mix routed/transparent contexts on the same device, but I believe that restriction was removed with v3.x software on FWSM, which is equivalent to v7.x code on PIX.


Jon
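
A minimal sketch of the transparent-mode setup described in the reply above, added here as an example and not taken from the thread or from Cisco's guide. Interface assignments, all addresses, the ACL name and the TCP port are constructed placeholders.

```cisco
! Added example: PIX 7.x in transparent (bridging) mode.
! Changing the firewall mode clears the running configuration,
! so back up the routed-mode config before entering this command.
firewall transparent
!
! Interfaces carry no IP address in transparent mode; they only
! get a name and a security level.
interface Ethernet0
 nameif outside
 security-level 0
 no shutdown
!
interface Ethernet1
 nameif inside
 security-level 100
 no shutdown
!
! One management address for the whole firewall, in the same
! subnet as the hosts on both sides (constructed address).
ip address 192.0.2.10 255.255.255.0
!
! Traffic is bridged, not routed, but is still filtered by ACL.
! 192.0.2.50 = Campus Security workstation (constructed)
! 192.0.2.20 = DVR (constructed); TCP 8000 is a placeholder port
access-list OUTSIDE_IN extended permit tcp host 192.0.2.50 host 192.0.2.20 eq 8000
access-group OUTSIDE_IN in interface outside
```

Because frames are bridged, the DVR's own source MAC address is preserved across the firewall, but an outside host only sees it when it sits on the same layer 2 segment and subnet as the DVR.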
