Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX501 with WAN and public IP block VLANs

My ISP insists on using a /30 IP WAN block to connect to its equipment even though it is an ethernet handoff.  They wil then route a /27 public IP block to my firewall.  I would have liked to skip the WAN block and connect my PIX directly to the interface but now have to deal with two sets of IP blocks and routing between them but I still want to avoid having to use a router in between their equipment and my firewall.

Is it possible to use one of the switch ports on the PIX and configure it as a separate VLAN to handle the WAN block and then route internally to another VLAN with the public block and still be able to use NAT, ACL and IPSec on the PIX?

Thanks,
Diego

4 REPLIES

PIX501 with WAN and public IP block VLANs

Hi,

You may not able able to do that on PIX/ASA. I ran into similar issue but luckily got a deal from ISP on router ;-).

Lets see if experts have any suggestions.

Thx

MS

Community Member

PIX501 with WAN and public IP block VLANs

Not possible on the 501series. Sorry, but your going to need a router or L3 switch at the bare minimum. If you don't have any handy, then it may be more cost effective to get a pix-515 with a port expansion card (giving you 6 total, as you only get 2 by default). Good luck.

Community Member

PIX501 with WAN and public IP block VLANs

Thanks guys for all your input.  I pressed the ISP and I finally got them to drop the /30 subnet.

Rgds,

Diego

Community Member

PIX501 with WAN and public IP block VLANs

What about with a 5505?  It seems like I will soon have a similar issue but at the other site I have a 5505.  It is a different provider so I am  not sure if they will give me as hard a time but if they do I would like to try to use both the /30 and the public block on the one device.

Thanks,

Diego

477
Views
0
Helpful
4
Replies
CreatePlease to create content