Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
225
Views
0
Helpful
1
Replies

Basic Clarification

sayeed
Level 1
Level 1

‎08-28-2002 09:09 PM - edited ‎03-02-2019 12:59 AM

This is a basic question, I need clarification on a scenario.

I have an internal network which is protected by pix 506, pix 506's outside interface is connected to a hub which is having one cisco 1603 connected to internet leased line, and also one cisco 677 series router for ADSL connection.

As far as I understand if I have a mailserver to recieve mail in my internal network, I will use leased line which have a static ip and confiugre my mail server public ip mapping in pix.

So therefore I have only one gateway that can be specified in pix which is cisco 1603.

Now the customer wants that local internet users should browse the internet using ADSL connection, I explained him, that in the pix I can only enter one default gateway, which in this case has to be cisco 1603 bcuz of public mailserver and webserver access required from outside.

I told him that we move the ADSL router to internal network and let the clients have this one as the default gateway, so they can browse the internet, he is worried about the security, I told him, not much to worry bcuz this connection has dynamic ip and we r not opening any port from outside.

Can u pls advice, so that I can print this document and show answer from cisco.

Regards,

Sayeed alhajri.

Labels:
0 Helpful
1 Reply 1

s-doyle
Level 3
Level 3

‎09-09-2002 07:48 AM

I certainly wouldn't bring an Internet connection inside behind the firewall. Port translation doesn't firewall like you want and you will open yourself to vulnerabilities. Not sure why you would want two Internet connections, one thru the 1600 and the other thru the 677. I know the 677 can't help with load balancing either so you might need to lose one of the connections. Suppose you did bring the 677 inside, would your PC's gateway it it instead of the PIX? And if so, what's the PIX going to do for you? Get with your Cisco design engineer to hammer this one out.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents