My ISP insists on using a /30 IP WAN block to connect to its equipment even though it is an Ethernet handoff. They will then route a /27 public IP block to my firewall. I would have liked to skip the WAN block and connect my PIX directly to the interface, but now have to deal with two sets of IP blocks and routing between them, but I still want to avoid having to use a router in between their equipment and my firewall.
Is it possible to use one of the switch ports on the PIX and configure it as a separate VLAN to handle the WAN block and then route internally to another VLAN with the public block and still be able to use NAT, ACL and IPSec on the PIX?
You may not be able to do that on PIX/ASA. I ran into a similar issue but luckily got a deal from the ISP on a router ;-).
Let's see if experts have any suggestions.
Not possible on the 501 series. Sorry, but you're going to need a router or L3 switch at the bare minimum. If you don't have any handy, then it may be more cost effective to get a pix-515 with a port expansion card (giving you 6 total, as you only get 2 by default). Good luck.
What about with a 5505? It seems like I will soon have a similar issue but at the other site I have a 5505. It is a different provider so I am not sure if they will give me as hard a time but if they do I would like to try to use both the /30 and the public block on the one device.