03-21-2007 08:23 AM - edited 03-11-2019 02:50 AM
First of all, thank you for remembering when you first started with PIX appliances...
I recently purchased a pre-owned PIX 506 running software version 5.1(2). I am currently unable to upgrade this software since I do not have the appropriate 'service contract', so I am stuck with this software version.
Although I did receive the manual 'Configuration Guide for the Cisco PIX Firewall Version 5.1', I am a bit lost with this firewall.
My network:
ADSL Router (ISP Provided) =>PIX=>Switch=>Network
Subnet: 192.168.254.0/24
Netmask: 255.255.255.0
Static External IP assigned by ISP:74.41.202.106
Questions:
1) The 'inside' interface should be a LAN assigned IP? (Ex. 192.168.254.3)
2) What should the 'outside' interface be set to?
03-21-2007 08:34 AM
Questions:
1) The 'inside' interface should be a LAN assigned IP? (Ex. 192.168.254.3)
- Yes, inside interface should be in 192.168.254.0/24 subnet. You can choose any free IP and make it as the gateway for the internal network.
2) What should the 'outside' interface be set to?
- "Static External IP assigned by ISP:74.41.202.106", as this is the IP given to you by your ISP, this should be on the outside interface of PIX. However, they must have also provided the subnet mask and the gateway IP. Please use the subnet mask while configuring IP address on outside interface, and use the gateway_IP as such:
route outside 0 0 gateway_ip
With this command in, PIX will know where to route traffic for internet.
Hope that helps.
Regards,
Vibhor.
03-21-2007 08:36 AM
Hi,
1) correct
2) If 74.41.202.106 is the ADSL router address, you should set the "outside" interface to an address in the same subnet of your ADSL Router. And your default gateway on your PIX will be the ADSL Router.
Hope it helps
03-21-2007 09:10 AM
Here is my subnet structure:
Router LAN IP: 192.168.254.1
* 74.41.202.106 IP is the static IP I lease from my ISP for access to my web servers/email servers FROM the internet.
So I should set the following:
1) Inside Interface IP: 192.168.254.2
2) Outside Interface IP: 192.168.254.3
3) PIX Gateway IP:192.168.254.1 (since this is the LAN IP of the router)
My gratitude ahead of time...
03-21-2007 09:20 AM
So I should set the following:
1) Inside Interface IP: 192.168.254.2
- Yes.
2) Outside Interface IP: 192.168.254.3
- No. The outside interface and inside interface cannot be in same subnet. You should use 74.41.202.106 on the outside interface of PIX and connect the outside interface to the ADSL modem.
3) PIX Gateway IP:192.168.254.1 (since this is the LAN IP of the router)
- Not sure where this router is placed. Is your ISP currently terminating on this router? What type of connection do you have: PPPoE/PPPoA/DSL etc.?
Also, it seems that you already have a network setup with ISP terminating on the router and internal network connected to the 192.168.254.1 interface. Now you are trying to place a PIX in between. Let me know if this is the situation.
Regards,
Vibhor.
03-21-2007 09:23 AM
The diagram is in his first post. It appears to be an ADSL router, not a modem. I assume 74.41.202.106 is the address on the outside of the router, so he cannot make this the PIX outside.
03-21-2007 09:30 AM
acomiskey is correct...
03-21-2007 09:29 AM
This firewall is being integrated into an existing network where the router's IP (192.168.254.1) was set as the 'Default Gateway' on workstations and servers (Windows based) and as the 'forwarding' address in Windows DNS.
Physically, here is my layout before PIX:
===Internet===
|
|
===Router=== (LAN IP of 192.168.254.1)
|
|
===Switch=== (unmanaged)
|
|
===Network=== (Web/Email servers-IPs set)
I am placing my PIX AFTER the router:
===Internet===
|
|
===Router=== (LAN IP of 192.168.254.1)
|
|
===PIX 506===
|
|
===Switch=== (unmanaged)
|
|
===Network=== (Web/Email servers-IPs set)
**Connection type is PPPoA
03-21-2007 09:36 AM
Thanks for the updates. However, in this scenario, we will have some major changes ..
As I mentioned earlier, outside and inside interfaces of PIX cannot be in same subnet, thus, if we place PIX in between, we will have to change the network addressing on whole internal network.
LAN IP of router will remain 192.168.254.1, which will also be the gateway IP of the PIX. You can assign PIX outside interface any free IP in the same subnet. Now we need to give inside interface a totally new subnet and whole of your internal network will also be in the same new subnet as of PIX's inside interface. Let me know if this suits you.
Regards,
Vibhor.
03-21-2007 09:46 AM
So if I understand correctly, this will be my setup:
1)Router IP: 192.168.254.1
2)PIX OUTSIDE interface: 192.168.254.2
3)PIX INSIDE Interface AND whole internal network: New subnet of 192.168.253.0/24.(or whatever new subnet I want to assign)
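
Added example (not part of any post in this thread): a small Python check that applies the two rules stated in the replies, that the inside and outside interfaces must be in different subnets and that the default gateway must sit on the outside subnet, to the addressing plans discussed above. The function names, the inside host address 192.168.253.1, and the third "bad gateway" plan are assumptions made for illustration.

```python
import ipaddress

def check_plan(inside, outside, gateway):
    """Validate a two-interface firewall addressing plan.

    inside/outside are 'address/prefix' strings for the firewall interfaces,
    gateway is the next hop used in 'route outside 0 0 gateway_ip'.
    Returns a list of problems; an empty list means the plan is consistent.
    """
    ins = ipaddress.ip_interface(inside)
    out = ipaddress.ip_interface(outside)
    gw = ipaddress.ip_address(gateway)
    problems = []

    # Rule from the thread: inside and outside cannot share a subnet.
    if ins.network.overlaps(out.network):
        problems.append("inside and outside subnets overlap")

    # The default route's next hop must be directly reachable on the outside.
    if gw not in out.network:
        problems.append("gateway is not on the outside subnet")
    if gw == out.ip:
        problems.append("gateway equals the outside interface address")

    # Interface addresses must be usable host addresses.
    for name, itf in (("inside", ins), ("outside", out)):
        net = itf.network
        if net.prefixlen < 31 and itf.ip in (net.network_address,
                                             net.broadcast_address):
            problems.append(f"{name} address is a network/broadcast address")
    return problems

def default_route(gateway):
    """Render the default route in the form quoted in the thread."""
    return f"route outside 0 0 {ipaddress.ip_address(gateway)}"

# Plans taken from the thread; .253.1 and the last plan are constructed.
REJECTED = ("192.168.254.2/24", "192.168.254.3/24", "192.168.254.1")
ACCEPTED = ("192.168.253.1/24", "192.168.254.2/24", "192.168.254.1")
BAD_GATEWAY = ("192.168.253.1/24", "192.168.254.2/24", "192.168.253.254")

if __name__ == "__main__":
    for label, plan in (("rejected", REJECTED), ("accepted", ACCEPTED),
                        ("bad gateway", BAD_GATEWAY)):
        print(label, check_plan(*plan) or "OK")
    print(default_route(ACCEPTED[2]))
```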
03-21-2007 11:29 AM
If it were me, I would ditch the dsl router, get a dsl modem, assign 74.41.202.106 to the outside of pix, 192.168.254.1 to inside and be done with it. Then you won't have to change anything on the inside. Unless of course, you need an outside router. And it may have been easier to just change the transport network between the outside router and pix, rather than change your inside network.
03-21-2007 01:16 PM
My gratitude for everyone's time...