cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
392
Views
0
Helpful
4
Replies

Router with PIX 501

hugginsgreg
Level 1
Level 1

I have a PIX 501, 50 user license, for my home LAN which consists of approximately 20 computers.

I have been reading different books on the PIX and most of them show a router and then the PIX and then the internal network.

Would there be any advantage to a home user system such as the type that I have in adding a router to the mix before the firewall? The PIX 501 is the first Cisco product that I have ever used and was just curious.

Thanks in advance.

4 Replies 4

gibsthomas
Level 1
Level 1

Hi,

Its very unlikely that anyone would can connect PIX directly to the internet. The router is shown only because the internet connection from ISP connects to one interface of the router and the PIX will be connected to another interface ( usually Fast Eth).. If you have a DSL modem connected to the internet, you can connect the LAN side of that modem to PIX external interface.

In your case you wont need to add a router as long as you already have internet connection from ISP terminating to some device such a modem/ router.

I presume you have DSL or Cable connection

Yes, you are correct. I currently have the following setup:

Cable Modem -> PIX 501 -> Switch -> Internal LAN

I think that where I was going was if I placed a router between the CM and the PIX 501 would there be anything gained as far as additional protection features that the router may offer or does the PIX 501 offer all that I need for the home setup that I currently have?

It depends on your home network.

In some designs people would place a router before the firewall to act as a "choke" router with a rather generic ACL before hitting the firewall, things you know you would never want to hit you. eg. countries you would never go and are known have common attacks from, known spammer's IP range, eg. Though this could be placed at the firewall with no issues, it would distribute the load on the processing and add another layer for someone to go through to get to you. It could also make the PIX ACL a little more readable.

Another reason would be to build a DMZ off of the router rather than the PIX, for what ever reason. In a home network, I would think more along the lines of testing, etc.

hi, how do you configure your pix outside interface to work with the cable modem? do uou use dynamic or static? i am not sure how is the modem's address being assign.

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: