Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

pix as proxy ?

I have a cisco pix 501 firewall and have a network of around 160 nodes. I have a proxy server also with which I connect the LAN to the internet and i use the firewall to have servers behind with Live IPs mapped to them. Now what I want is that if i give the default gateway as the pix on my network the traffic should go to the internet as it originates from pix. in other words i want to use my pix as a proxy also. is this possible ?

Thanks in advance.

Ramesh

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: pix as proxy ?

Ramesh,

As previous posts mentioned, PIX cannot act as a proxy server, it can act as a NAT device that is to hide the private addresses. There is a substle difference between the proxy and the hiding the addresses. Basically doing the same thing execept the way of implementation. You might want to do port redirection if you just want to use a single ip address and hide the rest of addresses. In that way, you just need to share a single ip address and it can be PIX outside interface ip address. Thanks,

Mynul

5 REPLIES

Re: pix as proxy ?

If I understand you correctly, you want to hide the devices on your LAN behind the outside IP address of the PIX?

If this is what you mean, you can use the 'nat' and 'global' commands:

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

ps this is not really called proxying, but just NAT (network address translation)

Kind Regards,

Tom

New Member

Re: pix as proxy ?

By design, PIX falls under the category of 'Stateful Inspection packet filters'. The proxy you are referring to, is the second category of firewalls, called 'Application Proxies'. (Examples: Gauntlet from Network Associates), Symantec Raptor -Enterprise firewall). The final and third category of firewalls are the 'Packet Filters'. (Examples: Cisco IOS routers).

Hope this helps, in further clarifying what Tom has mentioned...

Best regards / Sampath.

Srengarajan@att.com

Silver

Re: pix as proxy ?

Ramesh,

As previous posts mentioned, PIX cannot act as a proxy server, it can act as a NAT device that is to hide the private addresses. There is a substle difference between the proxy and the hiding the addresses. Basically doing the same thing execept the way of implementation. You might want to do port redirection if you just want to use a single ip address and hide the rest of addresses. In that way, you just need to share a single ip address and it can be PIX outside interface ip address. Thanks,

Mynul

New Member

Re: pix as proxy ?

hi mynul,

Thanks for the info.

Ramesh

New Member

Re: pix as proxy ?

Hi Ramesh,

I think understand your question exactly. I will try to answer you...

Pix can be used as a proxy server as the documentation says it can act as "cut through proxy" by just poinnting the default gateway to PIX and removing the browser settings but I would still recommend you not doing it because you loose on the caching and pre- caching of the visited sites which is supported in other proxy servers like squid proxy which significantly improves the internet response.

Secondly, even if you point to PIX as a default gateway with Nating enabled you can still continue using your older proxy server by configuring your browser connection setting to use it but doing so you will achieve everything as far as NATing and Cacheing is concerned.

It is possible to use in both ways but you have to seee the merits of using it..I strongly recommend you not to use PIX as a proxy as it may increase your internet traffic due to loss of caching.

-Abhi

150
Views
0
Helpful
5
Replies
CreatePlease to create content