Cisco Support Community

1751 and 515E Question

A very general question:

I am setting up a Cisco 1751 for internet access via a T1 line. It will connect into the outside port on a 515E PIX (DMZ/FIREWALL/VPN). Behind the 515E I will have our trusted LAN with an Exchange server for email.

Where should I use private IPs and where should I use public IPs? I have seven public IPs that can be used for anything I need to.

Here was my thinking; could someone correct me or confirm it:

Public=internet routable

Private=non-routable (ex.

Set up the 1751 with IP Numberless on the WAN port and a public IP on the Ethernet side. Set up the outside Ethernet port on the 515E with a public IP and a private IP on the DMZ and trusted inside Ethernet ports.

That way I can do NAT for trusted user access out to the internet. I can do PAT for my Exchange server, giving it a separate public IP for emails (or port mapping if not PAT).

Does this sound good, or should I not use a public IP address on my 515E (security concerns)? Also, will this work with the Exchange server I have? Can I just give the IP address I did with PAT to my DNS authority?

Any help would be appreciated, THANKS!


Re: 1751 and 515E Question

Here’s how I would set it up. Unnumbered or whatever on the 1751 Serial. On its ether go with 10.1.1.x and PIX outside ether 10.1.1.x. Inside, number everything 192.168.x.x and gateway them at the PIX inside interface (or internal routers gateway at the PIX). Route all internet traffic on the PIX to the 1751, and the 1751 should route all your public NAT pool addresses back to the PIX’s outside interface. Set up NAT/PAT and NAT statics for the Exchange server and anything else you need accessed from outside in the PIX.

Now let me tell you why. First, it protects your outside interface of the PIX from the Internet and further hides your network. But the best reason is you won’t have to deal with all the DNS issues that so many other people on this board deal with because if an inside user wants to get to which resolved to a static on the PIX (for example… they’ll go OUT thru the PIX and the outside router will route that traffic BACK to the PIX and because the PIX’s outside interface is not on the 200.1.1.x network, it will not drop the packet but instead route it back inside.

I used to number the way you are talking until I learned this trick. Hope it helps.
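The addressing described in the reply above, written out as a configuration sketch. This is an added example, not a config posted by either participant. It assumes PIX OS 6.x syntax, and the interface names, host addresses, the /29 mask and the ACL name are constructed for illustration; the public range follows the 200.1.1.x example used in the reply.

```cisco
! ----- 1751 router (IOS); interface names are assumed -----
interface FastEthernet0/0
 description Link to PIX outside (private transit segment)
 ip address 10.1.1.1 255.255.255.0
!
interface Serial0/0
 description T1 to ISP
 ip unnumbered FastEthernet0/0
!
! Default route out the T1
ip route 0.0.0.0 0.0.0.0 Serial0/0
! Public NAT pool is not on any interface; point it at the PIX outside address
ip route 200.1.1.0 255.255.255.248 10.1.1.2

! ----- PIX 515E (PIX OS 6.x syntax assumed) -----
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 10.1.1.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
!
! All internet-bound traffic goes to the 1751
route outside 0.0.0.0 0.0.0.0 10.1.1.1 1
!
! PAT for inside users behind one public address from the pool
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 200.1.1.2
!
! One-to-one static for the Exchange server (192.168.1.10 is a constructed host address)
static (inside,outside) 200.1.1.3 192.168.1.10 netmask 255.255.255.255
!
! Permit only inbound SMTP to the static; everything else inbound stays denied
access-list outside_in permit tcp any host 200.1.1.3 eq smtp
access-group outside_in in interface outside
```

The public address given to the DNS authority for the MX record would be the static (200.1.1.3 in this sketch), not the PAT address.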
