
PIX Firewall Placement

I have a PIX firewall which I was planning to place between our MSFC and our ISP link. Since the connection to the ISP is 100Mbps, I didn't see the need to use another (border) router for media conversion.

We plan to run eBGP through the PIX and have tested this with ebgp-multihop and static routes to bring up BGP, and this works OK.

However, our ISP tells me that this is not the norm, and I was wondering if there are any potential problems with this setup.


Re: PIX Firewall Placement

What type of termination is available on the PIX outside interface towards your ISP? Are you using cable, DSL? It would be a better idea to have a router on the outside interface, in many ways. First of all, you can have IOS firewalling configured on the border router. Also, adding more links for increasing bandwidth, multihoming, etc. would be easy.


Re: PIX Firewall Placement

Just curious,

1) Will you be running NAT or can you run NAT?

If so, your ISP's router should already be advertising its directly connected network. Therefore, is it possible you can NAT/PAT all inside networks to the existing address 'you hold' and just put the firewall in line with your connection to the ISP? (You would be making the global NAT/PAT address the address the ISP has given you.)

If you have services running on networks that you otherwise need advertised to the NET, you can port forward to them provided you are running version 6.2.2+.

This eliminates the headache of BGP.

Let me know,

