Cisco Support Community

New Member

Basic Clarification

This is a basic question; I need clarification on a scenario.

I have an internal network which is protected by a PIX 506. The PIX 506's outside interface is connected to a hub, which has one Cisco 1603 connected to an Internet leased line and also one Cisco 677 series router for an ADSL connection.

As far as I understand, if I have a mail server to receive mail in my internal network, I will use the leased line, which has a static IP, and configure my mail server's public IP mapping in the PIX.

So therefore I have only one gateway that can be specified in the PIX, which is the Cisco 1603.

Now the customer wants local Internet users to browse the Internet using the ADSL connection. I explained to him that in the PIX I can only enter one default gateway, which in this case has to be the Cisco 1603 because of the public mail server and web server access required from outside.

I told him that we move the ADSL router to the internal network and let the clients have this one as the default gateway, so they can browse the Internet. He is worried about the security. I told him there is not much to worry about, because this connection has a dynamic IP and we are not opening any port from outside.

Can you please advise, so that I can print this document and show an answer from Cisco?


Sayeed alhajri.

New Member

Re: Basic Clarification

I certainly wouldn't bring an Internet connection inside behind the firewall. Port translation doesn't firewall like you want and you will open yourself to vulnerabilities. Not sure why you would want two Internet connections, one through the 1600 and the other through the 677. I know the 677 can't help with load balancing either, so you might need to lose one of the connections. Suppose you did bring the 677 inside, would your PCs gateway to it instead of the PIX? And if so, what's the PIX going to do for you? Get with your Cisco design engineer to hammer this one out.