Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Do iI need a router with my PIX?

I have cable connection to the internet, the ISP provides me with a DHCP IP. Do I need to purchase a router to put in fromt of my recently purchased PIX or can the PIX handle the routing as well?

Also, how does the PIX handle dynamic IPs on it's external interface? I am a bit confused, thanks in advance.

-- Marc

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Do iI need a router with my PIX?

Yep.

Your external ip on the pix can be dynamic or static

Your internal ip on the pix needs to be static. The pix can act as a dhcp server for your interla network ,but it sounds like you already have that all set up. Just exclude an ip address from the internal pool, and use that for your pix. Make sure you configure your dhcp server to pass that ip as the new default gateway.

7 REPLIES
Silver

Re: Do iI need a router with my PIX?

The pix can handle static routes, and has limited dynamic routing functionality. Pix can handle dynamic ips fine.

I have a pix 501 at home on a cable modem - it grabs the external ip address dynamically, and parses the dhcp option to get the default route

New Member

Re: Do iI need a router with my PIX?

Hi Marc,

You don't need a router, pix can act as dhcp client.

ip add outside dhcp setroute

the above command will allow you to get the ip address for outside interface as well as the default gateway for the pix.

I hope this helps.

Syed

New Member

Re: Do iI need a router with my PIX?

What if I do my internal DHCP through my Win2k servers? Can I just set the PIX to handle the DHCP from the ISP on the external interface and set some type of NAT on the PIX. Can I set a static internal IP from the win2k DHCP server to the internal interface on the PIX. Sorry just a newbie with CISCO. Thanks.

Silver

Re: Do iI need a router with my PIX?

Yep.

Your external ip on the pix can be dynamic or static

Your internal ip on the pix needs to be static. The pix can act as a dhcp server for your interla network ,but it sounds like you already have that all set up. Just exclude an ip address from the internal pool, and use that for your pix. Make sure you configure your dhcp server to pass that ip as the new default gateway.

New Member

Re: Do iI need a router with my PIX?

Thats great! Anything else I should study up on to become a PIX expert? Is NAT difficult to configure in relation to the firewall? i.e. can I cancell out a port forwarding statement by using an ACL stament? Thanks again.

New Member

Re: Do iI need a router with my PIX?

If you go to the following link it has some really good tech tips on pix firewall.

http://www.cisco.com/pcgi-bin/Support/browse/psp_view.pl?p=Hardware:PIX&s=Software_Configuration#Software_Samples_and_Tips

Port redirected (static nat) is used for inbound traffic. Let say if you have a mail or ftp server and you want to allow traffic from outside to inside, this is where you will be using port redirection. In order to allow access from outside to inside you need both static nat and access-list since they both work in conjunction.

For the oubound traffic you can configure PAT to use your interface ip address.

You don't need any access-list for outbound traffic since by default everything is permited. Here is the command syntax for outbound PAT.

global (outside) 1 interface

nat (inside) 1 0 0

I hope this helps.

Regards,

Syed

New Member

Re: Do iI need a router with my PIX?

Thanks for all you help. Can't wait to get started.

--Marc

131
Views
0
Helpful
7
Replies