11-06-2004 09:57 AM - edited 03-09-2019 09:22 AM
I have a pix 501 firewall that I recently picked up and I would like to use in my SOHO, but I am not sure where to connect it.
I have DSL with Sympatio (Canada) with a dlink router/print server. The router establishes my connection for me then I can access email, web etc. My question is this where do I connect the pix? Also what ports do I use? I have tried connecting port 0 to my dsl modem but I keep getting a message saying that the link is down. I have searched but cannot quite get the info I am looking for. So any help would be appreciated.
Thanks
11-06-2004 10:47 AM
The best place to put the PIX given your setup is behind the router. PLease keep in mind that the PIX is shipped with everything turned off and you have to open everything up that you need. Please take a look here for configuration examples.
Also,
depending on your router you may need to connect the PIX to it using a crossover cable and not a straight through.
Hope this helps.
Please remember to rate all replies
11-06-2004 03:22 PM
A PIX firewall should ideally be placed as the first point of entry into your network, but in this situation, since you are using DSL, most likely it is a PPoe connection and will require configuration on the pix to get authenticated to this process so you might want to just leave your internet connection as is if you don't have the expertise to do this, and just plug the PIX behind the router. The E0 interface on the PIX is for the "outside" and E1 is for the "inside". I would reccommend adding a small switch/hub to your network, plugging the E0 interface on the pix to this the switch/hub as well as a free port on the router and then pointing your default gateway on the pix to the router, this will be the "outside" of your internal network/PIX, then all your hosts on the inside will point to the PIX E1 interface as their default gateway ofcourse if you have multiple hosts then again using a again sharing a switch/hub for the E1 interface and those hosts. Your PIX will maintain stateful inpsection of packets tranversing your network based on the security policy you apply. Hope this helps!.
Vik Ahuja
Customer Support Engineer III - VPN/AAA
Cisco Systems, Inc.
CCIE # 11958, CCNP, CSSP
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide