Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
3
Replies

Router to Pix to Switch

khayes1984
Level 1
Level 1

‎07-10-2009 10:03 AM - edited ‎03-06-2019 06:41 AM

Hello all I just achieved my CCNA last weekend, now i'm trying to redo my home network. I currently have 2610XM router that will be routing my internet connection. I have two ethernet ports, one will be bridged from the ADSL modem, to the eth 0/1 interface, and LAN from Eth 1/0. I want to use my Firewall that I have for security as well. I know access-lists in a router are a form of security, but most i'm trying to set my lab up just like a production network in a company Router-->PIX--->Switch. My theory is this, if when I configure the devices will I'm thinking the static ip will be given to me by Bellsouth's servers, and I wouldn't do any ip configuration there, but on the eth 1/0 interface I would set a static IP there, and connect that to the PIX's eth0.

Once I have that configured i'll set a static address on the Ethernet 1 interface as well. Now would I be configing or double NAT or only one NAT rule for this setup?

Labels:
0 Helpful
3 Replies 3

pompeychimes
Level 4
Level 4

‎07-10-2009 01:21 PM

Congrats on the CCNA.

You say home network in one line and lab in another. Just my opinion but I like to keep them seperated as much as possible. Especially if you're wife is tougher than you and beats you up everytime you bring the network.

Either way what you are describing sounds fine and is just one of many different ways you could do it.

For example you could flip the script and connect the firewall to the ISP. Other options would be ISP---Switch---FW---Router or ISP---Switch---FWandRouter

0 Helpful

Rick Morris
Level 6
Level 6

‎07-13-2009 07:08 AM

In your set-up you would not be doing double nat

You are natting from the router to the firewall and then natting from the firewall to the internal network.

I would only do the nat on the firewall and leave all security on the firewall and only the routing on the router. Oh yeah, make sure you use a password and/or restrict telnet to the router but that is all I would do. I would do all acl, and natting on the firewall.

0 Helpful

khayes1984
Level 1
Level 1
In response to Rick Morris

‎07-14-2009 05:45 AM

So on Ethernet 1/0 on the router I need to IP nat inside and on the PIX i don't do any nat commands at all?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card