02-18-2009 07:38 AM - last edited on 03-25-2019 05:42 PM by ciscomoderator
Greetings, we have recently been approached by a client who has aquired a PIX520 (6.3) and wishes to sit 2 networks behind it with one outside network terminated on a leased line.
They would like to route traffic between the two internal subnets on the same security level or potentially on different security levels.
I know it isnt a recommended approach but ive done this successfully on ASA's in the past, would anyone be able to say if this is viable on the PIX?
Regards
02-18-2009 09:11 AM
What you want to do is very do-oable! Personally I am a big fan of if you have a firewall - should just be a firewall. If you need to route - get a router.
If you have no option to have a layer 3 routing device handle the ip to ip function - then having the two subnets on differnet physical/logical interfaces is the way you need to go.
This is of course if you have enough physical interfaces... if not - then trunk some vlans to the PIX.
HTH>
02-18-2009 09:16 AM
I think it can be done as long as you permit the related traffic and add related NAT if needed between those two interfaces.
The bottom line is that you can still upgrade the code to the same version as ASA which you have experienced on.
02-18-2009 09:30 AM
Thank you for your replies, normally i would use a Catalyst 3560 or 3750, but the customer isnt yet prepared to add or change any existing hardware, ive done it before on ASA's with interfaces with the same security levels using NAT exempt statements, im trying to push him down the road of putting one network on a lower security level which will make things much easier. Wasnt overly sure if the PIX would do the same.
I am looking at upgrading to 7.x or 8.x but after some further digging the 520 cant go beyond 6.3 but the 525 can go upto 8.x, would i be correct?
Regards
02-18-2009 09:45 AM
Yes, you are right. PIX520 could not be upgraded to 7.x or 8.x. Cisco does not support this. Missed that. :)
02-18-2009 10:03 AM
Thank you all for your time.
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide