Cisco Support Community
Community Member

PIX 506 Firewall with 1841 Router

I have a customer who wants to use their PIX 506E with their new 1841 basic IP IOS router. They have 1 IP address available. Is it possible to just have the PIX be a firewall and all routing functions work through the 1841 or will I need NAT turned on the PIX with IP addresses on the interfaces?

Internet --> PIX506E --> 1841 --> 2950T. This customer also wants VPN with Radius capabilities... Ideas?


Re: PIX 506 Firewall with 1841 Router


so the IP address that you said available , is it another Ip address other then what is assigned to the router?

if not, then the option you have is to run NAT on the router

Community Member

Re: PIX 506 Firewall with 1841 Router

After talking with Cisco TAC...

Looks like we can do 1 public IP addy to PIX506E to external interface, then internal IP address to internal interface facing the 1841 external interface. Then having NAT/PAT taking place there.

Internet IP --> PIX506 External

Internal IP --> PIX506E Internal

Internal IP --> 1841 External

Internal IP --> 1841 Internal

I would think that the conversion from external public IP to internal IP schema would require the NAT conversion...

Community Member

Re: PIX 506 Firewall with 1841 Router

I assume that the available ip address that you have will be assigned to the outside interface of the PIX506E, is that right? If so you need to configure PAT on the PIX firewall using the 'global' and 'nat' commands.

Hope this helps.

Community Member

Re: PIX 506 Firewall with 1841 Router

Thanks for the fast response... In lies my dilemma.

The customer wants the 506E to just be a Firewall, not a router doing NAT/PAT. That was my first option but with 1 ip address. They purchased an 1841 from Cisco under the impression that the PIX would be the Firewall and the 1841 (IP base IOS) to be the router...

Community Member

Re: PIX 506 Firewall with 1841 Router

We have revisited the IP scheme and the ISP has decided to give us 5 IP addresses. This changes the scope. The new plan is to have NAT/PAT on the 1841 and have the 506 just doing firewall functions...

Internet External IP of 506 Internal IP of 506 External IP of 1841 Internal IP of 1841

Do I need to have NAT on at all on the PIX?



CreatePlease to create content