Passing internal MAC addresses through a PIX firewall?
Is it possible to pass a device's MAC address through a Cisco PIX firewall?
Here's my situation: We've just had new security camera digital video recorders installed. The DVRs are on our internal network, behind the firewall.
Campus Security (outside the firewall) need to access these DVRs.
I've set up a static IP mapping on the PIX, and ACLs. But apparently the CCTV software also needs to see the MAC address of the DVRs to identify them. As things stand, the software is only getting the MAC address of the firewall.
I've Googled and read the Cisco site, but haven't found anything that says this can be done.
Is it possible for the PIX to pass and internal device's MAC address to outside hosts?
It's a Cisco PIX 515E, running software version 7.2
Re: Passing internal MAC addresses through a PIX firewall?
You would need to run your pix in transparent mode ie. the pix acts as a layer bridge between 2 vlans but you can still filter the traffic. Obviously this would have a huge knock on effect if you are currently running in routed mode but that is the only way i know of achieving what you want.
As a further point. Your pix device should support contexts so you may be able to use a separate context for the transparent firewall. I have only used contexts on the FWSM v2.x code and you couldn't mix routed/transparent contexts on the same device but i believe that restriction was removed with v3.x software on FWSM which is equivalent to v7.x code on pix.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...