Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
409
Views
0
Helpful
1
Replies

Typical configuration for Pix501 after router

noleander1
Level 1
Level 1

‎11-07-2013 11:18 AM - edited ‎03-11-2019 08:02 PM

Our network topology is:

  wire from street  -> cable modem   -> router  ->  computers

The router is a simple Netgear wireless router.    We want to install a Pix501 firewall for one of the computers only (cant do it for all computers for a complicated reason).   So we want it to look like this:

  wire from street  -> cable modem   -> router  -> Pix501 ->  one computer

The router uses IP addresses 192.168.1.x.   We installed the Pix501 as shown above, but no matter what configuration we try, it is not working.

I've searched high and low through this forum for typical configuration to use in the Pix501.  I've also read the official Cisco configuration guide at

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html  ... but they all seem to discuss topologies where the Pix501 is between the cable modem and the router. 

Can someone point me to a reference document that suggests a typical Pix501 configration settting for where the Pix501 is between the router and  computer?   Once I get a good starting point, I'm sure I can take it from there.   Thanks!

Labels:
0 Helpful
1 Reply 1

Jouni Forss
VIP Alumni
VIP Alumni

‎11-07-2013 02:15 PM

Hi,

If your aim is to just simply allow outbound traffic from the user behind the PIX to the Internet then there should not be that many things to configure on the PIX.

It would either have a static "outside" interface configuration with a static default route configuration pointing towards the Router gateway interface in the network 192.168.1.0/24.

If you have the PIX using DHCP then it will probably get the IP address and default route from the Router automatically.

Next you would have to make sure you have configured Dynamic PAT for the user so its connection will show up coming from the 192.168.1.0/24 address space to the Router. Otherwise it might be visible to the Router with its original IP address and naturally the connections wouldnt work.

I guess you could always share the current configuration and let us see if there are any problems there. The software version and the device itself are pretty old though. Pretty ancient configuration format

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card