11-11-2005 11:00 AM - edited 02-21-2020 12:31 AM
I have a customer who wants to use their PIX 506E with their new 1841 basic IP IOS router. They have 1 IP address available. Is it possible to just have the PIX be a firewall and all routing functions work through the 1841 or will I need NAT turned on the PIX with IP addresses on the interfaces?
Internet --> PIX506E --> 1841 --> 2950T. This customer also wants VPN with Radius capabilities... Ideas?
11-15-2005 08:24 PM
hi,
so the IP address that you said available , is it another Ip address other then what is assigned to the router?
if not, then the option you have is to run NAT on the router
11-16-2005 06:13 AM
After talking with Cisco TAC...
Looks like we can do 1 public IP addy to PIX506E to external interface, then internal IP address to internal interface facing the 1841 external interface. Then having NAT/PAT taking place there.
Internet IP -->66.55.44.33/30 PIX506 External
Internal IP -->192.168.0.1 PIX506E Internal
Internal IP -->192.168.0.2 1841 External
Internal IP -->192.168.0.3 1841 Internal
I would think that the conversion from external public IP to internal IP schema would require the NAT conversion...
11-16-2005 12:37 AM
I assume that the available ip address that you have will be assigned to the outside interface of the PIX506E, is that right? If so you need to configure PAT on the PIX firewall using the 'global' and 'nat' commands.
Hope this helps.
11-16-2005 06:19 AM
Thanks for the fast response... In lies my dilemma.
The customer wants the 506E to just be a Firewall, not a router doing NAT/PAT. That was my first option but with 1 ip address. They purchased an 1841 from Cisco under the impression that the PIX would be the Firewall and the 1841 (IP base IOS) to be the router...
11-16-2005 02:00 PM
We have revisited the IP scheme and the ISP has decided to give us 5 IP addresses. This changes the scope. The new plan is to have NAT/PAT on the 1841 and have the 506 just doing firewall functions...
Internet
66.55.44.33 External IP of 506
66.55.44.34 Internal IP of 506
66.55.44.35 External IP of 1841
10.1.1.1 Internal IP of 1841
Do I need to have NAT on at all on the PIX?
Thanks,
LT
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: