How to setup Pix 501 with 1 public IP address

[Minue]

Hello to all
Could some please help me to setup the PIX 501 in a LAN with only 1 static public IP address.
Our current set is a simple DSL router using the assigned static IP address on the WAN interface and NAT/PAT on the LAN inteface to give Internet access to 8 clients.What I am confused about is being that I will have to give Pix 501 a private address on it's "OUTSIDE" interface to connect it to the router (and normally it seems from all of Cisco setups that PIX should have a public address on the outside interface).I am wondering will it work as it should.
Thanks a million in advance

 

[KiscoKid]

You *can* do what you've described, it just means you're double NATing, i.e. you are NATing on the PIX (private to private addresses) and NATing again on the DSL router (private to public).

Personally if you want to start to use a PIX at your perimeter, I'd request a total of (at least) 2 public IP addresses from your ISP and assign them to the router/PIX respectively. This will make your proposed setup far less complicated and remove the double NAT'ing I've described above.

 

[Minue]

Hello
Thanks a million for your reply?You have really help!Anyway I will have to use the Pix with the double NATing because ,the Boss doesn't want to spend the money for another IP static.
Just one last question will I be able to do Easy VPN to allow a home worker to access the network with this double NATing.
Thank a million

 

[Triplejolt]

Setting up the PIX to allow VPN users to connet to it, means it will have to get VPN requests relayed by the DSL router. This because the DSL router holds your "outside" address. Should work if your ISP forwards the VPN requests (UDP 500) to your PIX. It gets a bit more complicated this way, but it should work.

A firm beleiver of "Keep it Simple" philosophy
Cheers
/T

 

[Minue]

Thanks a Million.For your help.I guess I have my work cut out for me.I now do understand why you need more than 1 public address before you can get a PIX really going.
Thanks again

 

[NetworkGhost]

You dontneed more than 1 IP to get a Pix going. You could get sut up your DSL in Bridge mode and let the pix do the PPP connection so you will be able to have the outside ip on the pix. Double natting leaves to many questions especially on a DSL router.

 

[Minue]

Thank a lot.That's a good idea.But I have notice that that the PIX supports PPPoE and my ISP uses PPPoA.Will the PIX support PPPoA as well?
Thank again

 

[KiscoKid]

No you can't do this as the PIX doesn't have an ATM interface.

 

[NetworkGhost]

Yeah PPPOA is unsupported. Call your ISP and get your line changed. Im sure with a Cisco router you could make the PPPOA connection for your Pix but I belive that would require 2 IPs like Kiscokid was saying earlier.

 

[Minue]

Thanks again guys.I always thought PPPoA was a better protocol.But it seems as far as compatability goes that PPPoE is the winner.I will drop my ISP a line and see if it's possible to switch to PPPoE.
Thanks a lot for your patients. You are all very helpful and kind.