Router--->Pix--->LAN

khayes1984 · ‎10-06-2009

I hope I posted this in the correct forum. I'm re-doing my network and I have a 2621XM router that's handling my internet traffic with some decent access-list, but I want to use my PIX for my firewall since I don't have enough flash to upgrade to 12.3. Now i'm not sure how to do this but I have a general idea.

For Router-->Pix 506e--->LAN I would need to create and /30 network with a straight through cable and a straight through cable to my switch right? For DHCP I have my Windows 2008 domain controller handling DHCP, and DNS, is there anything else I'm missing?

I would like for my router to do NAT/PAT instead of my firewall. So does this sound right?

Jon Marshall · ‎10-06-2009

Kenneth

If you are connecting the router directly into the pix then you need a crossover cable. If the router and pix interfaces are connected via a switch then straight thru for both of them.

As for NAT/PAT, it can be done on either. Most common setup is to do it on the pix but it depends on the addressing given to you by your provider. There is nothing wrong with doing it on the router if that is where the public addressing is located.

Jon

khayes1984 · ‎10-06-2009

I only have one public IP, and that's currently on the eth0 interface of the router. So I will have to cross my Ethernet1 to my Pix eth0 and a straight through from my PIX ethernet 1 to my LAN switch.

Configure the E1 to E0 (Router to PIX with a /30 network, and different subnet for the Ethernet 1 Pix to Switch right?

Jon Marshall · ‎10-06-2009

Kenneth

Yes, that should do the trick.

Jon