Using a router to replace a PIX temporarily

TalonKarrde · ‎02-28-2006

Hi All,

I would like to find out if a spare Cisco 1700 series router can replace some of the basic PIX functionality for a while, in terms of being a gateway to our Internet.

The main features I need to replicate are:

* NAT our private networks to the Internet

* Static map a public IP to an internal private IP (we have a number of public IP's that need to map to private hosts).

* Limit what traffic (by port) can come into the network using those static IP maps (ACL)

I think those are the primary functions we need. I know we need to get an Ethernet WIC for it, but aside from this, are the functions above possible?

Cheers

pkhatri · ‎02-28-2006

Hi,

All the features you require are supported on a 1700 series router.

A sample config follows:

interface

ip nat inside

!

interface

ip nat outside

ip access-group 101 in

!

! CONFIG FOR outbound NAT

ip nat pool NATPOOL netmask

ip nat inside source list 1 pool NATPOOL

!

! CONFIG for inbound NAT to servers

ip nat inside source static

!

access-list 1 permit

!

! ACL to limit what comes in

access-list 101....

Hope that helps - pls rate the post if it does.

Paresh

TalonKarrde · ‎03-01-2006

Thanks for that! It looks like precisely what we want to do.

I cant try it yet until we get another network card for our router, but I cant imagine it will vary too much from what you have written.

Again, thanks for your help.