PIX 515E & Interface Routing

Answered Question
Mar 19th, 2010

Hey guys. I have some questions and I hope they're not horribly stupid. My company recently acquired (3) PIX 515E's. I've configured a PIX 501 but on a smaller network with no remote offices. On the 501, I converted the inside clients to a 172.16.0.* range and the external IP was our gateway. That worked fine.

Now, I work on a network with one main office, 2 remote offices, and 3 subnets. I'm having trouble trying to even get the thought processing started here. Let me give you some basics.

Main Office 1 - 10.46.167.*

DHCP Server

Router (I have no control over this router)

Remote Office 1 - 10.46.166.*

DHCP Server

Router (I also have no control over this router)

Remote Office 2 - 10.46.161.*

Few systems, no DHCP (all static IPs)

Router (same thing. I have no control over this router)

I didn't initially set up this network. So unfortunately the routing wasn't configured by me, nor do I administer the main routers. One of my questions is this. Is it possible to set the 515E up without having to convert all internal IPs? All I really want to do is place the firewalls between our switches and the main routers. Reason being is that I have no control over the routers. I'm just afraid that it won't be possible without setting up all new DHCP scopes internally because the P515E won't let me use the same subnet on both the inside/outside interfaces (which is the default).

Am I making this more complicated than it should be?

Correct Answer by Collin Clark about 6 years 7 months ago

Your thinking is correct. You will need to create a new network between the 'inside' of the router and the 'outside' of the PIX or create new 'inside' networks. You do have the option of making the firewalls "transparent". Check the link below


JohnF1974 Fri, 03/19/2010 - 13:59

Brilliant! I owe you Collin. That's EXACTLY what I needed. A way to place these firewalls into an existing network without changing the entire internal IP ranges. Thanks many times over.
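
The transparent-mode option from the accepted answer, sketched for the main office subnet as an added example (not configuration posted by anyone in this thread). It assumes PIX OS 7.0 or later; the management address and the access-list policy are constructed values to adapt.

```cisco
! Added example for the main office (10.46.167.0/24).
! Back up first: changing the firewall mode clears the running configuration.
firewall transparent
!
interface Ethernet0
 nameif outside
 security-level 0
 no shutdown
!
interface Ethernet1
 nameif inside
 security-level 100
 no shutdown
!
! Management address only (constructed value): pick an unused address in the
! existing subnet. It is not a gateway; clients keep the router as their
! default gateway and keep their current addresses and DHCP scope.
ip address 10.46.167.250 255.255.255.0
!
! Outside-to-inside traffic is denied unless explicitly permitted.
! Assumed policy: let the two remote office subnets reach the main office.
! Tighten these entries to the specific hosts and ports actually required.
access-list OUTSIDE_IN extended permit ip 10.46.166.0 255.255.255.0 10.46.167.0 255.255.255.0
access-list OUTSIDE_IN extended permit ip 10.46.161.0 255.255.255.0 10.46.167.0 255.255.255.0
access-group OUTSIDE_IN in interface outside
```

The same pattern applies at each remote office, with that office's subnet on the management address and the other two subnets in the access list.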

