My ISP insists on using a /30 IP WAN block to connect to its equipment even though it is an Ethernet handoff. They will then route a /27 public IP block to my firewall. I would have liked to skip the WAN block and connect my PIX directly to the interface but now have to deal with two sets of IP blocks and routing between them but I still want to avoid having to use a router in between their equipment and my firewall.
Is it possible to use one of the switch ports on the PIX and configure it as a separate VLAN to handle the WAN block and then route internally to another VLAN with the public block and still be able to use NAT, ACL and IPSec on the PIX?
Not possible on the 501 series. Sorry, but you're going to need a router or L3 switch at the bare minimum. If you don't have any handy, then it may be more cost effective to get a pix-515 with a port expansion card (giving you 6 total, as you only get 2 by default). Good luck.
What about with a 5505? It seems like I will soon have a similar issue but at the other site I have a 5505. It is a different provider so I am not sure if they will give me as hard a time but if they do I would like to try to use both the /30 and the public block on the one device.