cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
618
Views
0
Helpful
5
Replies

PIX 506 Firewall with 1841 Router

lance-ten_2
Level 1
Level 1

I have a customer who wants to use their PIX 506E with their new 1841 basic IP IOS router. They have 1 IP address available. Is it possible to just have the PIX be a firewall and all routing functions work through the 1841 or will I need NAT turned on the PIX with IP addresses on the interfaces?

Internet --> PIX506E --> 1841 --> 2950T. This customer also wants VPN with Radius capabilities... Ideas?

5 Replies 5

nkhawaja
Cisco Employee
Cisco Employee

hi,

so the IP address that you said available , is it another Ip address other then what is assigned to the router?

if not, then the option you have is to run NAT on the router

After talking with Cisco TAC...

Looks like we can do 1 public IP addy to PIX506E to external interface, then internal IP address to internal interface facing the 1841 external interface. Then having NAT/PAT taking place there.

Internet IP -->66.55.44.33/30 PIX506 External

Internal IP -->192.168.0.1 PIX506E Internal

Internal IP -->192.168.0.2 1841 External

Internal IP -->192.168.0.3 1841 Internal

I would think that the conversion from external public IP to internal IP schema would require the NAT conversion...

arverzosa
Level 1
Level 1

I assume that the available ip address that you have will be assigned to the outside interface of the PIX506E, is that right? If so you need to configure PAT on the PIX firewall using the 'global' and 'nat' commands.

Hope this helps.

Thanks for the fast response... In lies my dilemma.

The customer wants the 506E to just be a Firewall, not a router doing NAT/PAT. That was my first option but with 1 ip address. They purchased an 1841 from Cisco under the impression that the PIX would be the Firewall and the 1841 (IP base IOS) to be the router...

lance-ten_2
Level 1
Level 1

We have revisited the IP scheme and the ISP has decided to give us 5 IP addresses. This changes the scope. The new plan is to have NAT/PAT on the 1841 and have the 506 just doing firewall functions...

Internet

66.55.44.33 External IP of 506

66.55.44.34 Internal IP of 506

66.55.44.35 External IP of 1841

10.1.1.1 Internal IP of 1841

Do I need to have NAT on at all on the PIX?

Thanks,

LT

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: