cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
314
Views
0
Helpful
8
Replies

normal firewall setup

carl_townshend
Spotlight
Spotlight

Hi all, can anyone tell me the normal way of setting up a pix firewall and router ofr my internet connection, ie what ip addresses would i assign and where ?

8 Replies 8

sourabhagarwal
Level 4
Level 4

To set up pix for internet, we connect inside interface of PIX to LAN switch, outside interface of PIX to internet router, dmz interface to servers if any which you want to be accessed from internet.

Inside interface will be configured with IP which belong to your LAN subnet and this IP wil act as gateway for your inside hosts. Outside interface and router interface connecting pix outside interface will be configured with global IP.

let me know if it helps or you have more questions ...

can you give me an example, please include, outside ip of router/ inside of router/ and pix firewall, cheers

Hi Carl,

General PIX firewall will have 2 interfaces(fastethernet). one should be poing towards the internet router & other interface of the pix will b connected on ur office LAN.

the connectivity lookz like this.....

(Internet)----(internet_router)------(Pix_firewall)----(office_LAN)

eg. for the ip addresses

internet router poiting towards pix will b 202.1.1.1/26, pix ip adddress pointing towards internet_router will b 202.1.1.2/26, pix_firewall's interface pointing towards LAN will be 192.168.1.1/24 which will b connected on the LAN switch & all the pc's connected on the switch will have the 192.168.1.0/24 subnet.

hope this helps.

rate this post.

In a home lab setup, is it OK to do it this way:

CableModem-->PIX-->Router-->Switch

if yes, who should handle NAT? router or PIX?

Also, all access-lists will be handled by the PIX? or both PIX and Router?

TX

bump

does that mean the pix and router both have public ip addresses, and would the router be using ip unumbered ?

Hi carl

In normal scenario we use public ip address above the pix outside interface.yes u r right we need to have public ip address in both router n pix.pix is going to function as a nat device.i am not sure weather we can go with ip unnunbered on router.but i think it would work.

Thanks

Mahmood

can u give me an example of your setup then ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco