Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Configuring Pix 501 for ADSL?

Status
Not open for further replies.
mRgEE

mRgEE

IS-IT--Management
Oct 13, 2003
61
GB
Hi,
I have new hardware that I need to configure to connect to my ADSL ISP (PPPoa). The hardware consists of a new ADSL modem / router (Smartax MT882) that I will connect to the Cisco Pix 501 to protect my internal home network.
I have been assigned 2 public ip addresses by my ISP.
I have options of RFC2684 Bridged in 1) pure bridge mode 2) static ip mode or 3) DHCP mode on my Modem / Router. Which option do you recommend? Would you recommend that my second public IP is assigned to the Cisco Pix that is behind the modem / router?
How do I go about configuring this setup?
Confused.
 
Sort by date Sort by votes
Hi,

I've never used that ADSL modem before so I'm not sure of the config. You need to assign 1 static IP to the external interface of the modem and the other static IP to the outside interface of the pix. Configure the modem to pass all traffic to the 2nd IP (pix outside).
As for the pix, if you are not confident with the CLI, use the PDM and use the startup wizard to configure the pix with the static IP, default gateway (1st static IP on the modem)etc. Out of the box, the only thing you'll need to change on the pix is the telnet and enable passwords and configure it to not reply to icmp traffic.

Regards Colin.
 
Upvote 0 Downvote
Thanks for the reply, the thing I don't understand about this configuration is: -

1) Assign public ip 1 (255.255.255.252) to WAN interface of modem /router (no probs)
2) Assign public ip 2 (255.255.255.252) to outside interface of pix (no probs)
3) Connect outside interface of PIX to the LAN interface on the modem/router (problem here is that the LAN interface on the modem/router would need an IP address. As this is a LAN interface and I have already used my 2 static WAN ip addresses I can only assign this interface a non routable IP address? Then as the other end is my pix with public ip 2 how do they pass traffic?
 
Upvote 0 Downvote
I will try and answer your second point, since you have only two IPs and the backside of your router and the frontside of the firewall need to be in the same segment you have only one practical option, if we assume that your router is capable of NAt'ing then I would use one of those two IPs for my WAN interface and the backside of the router would be private IP which will be in the same segment as the frontside of the firewall, which means the backside of the firewall would also be another non-routed IP block, so you are double NAt'ing.

I said only one practical option because there also one more option which I would not recommend, you can use one IP for the WAN interface and the second IP for the backside of the router which would mean that you have to increase the subnet-mask so you can also give IP in the same block to the frontside of the firewall, but remember this IP is not actually routed to you so you cannot reach it from the net.




Hope that helps
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
809
Johnkite
Johnkite
acabezas2014
  • Locked
  • Question
Configuring ASA for Network Segmentation
Replies
1
Views
398
acabezas2014
acabezas2014
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
685
XLNTech1
XLNTech1
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
202
xwray
xwray
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
999
Shmid
Shmid

Part and Inventory Search

Sponsor

Back
Top