PIX-515 Firewall

By russellrl2

Recently purchased a Cisco PIX-515 firewall. I am told that I have 3 configuration options available.

#1 - Move all nodes to 1 public subnet.

#2 - Continue to use both public subnets.

#3 - Use private IP addresses on all nodes and use network address translator in the PIX to allow access to external network.

Option #2 is my choice as it requires the least work on my part. However, I am told that I will need an additional router because multiple IP addresses cannot be bound to the inside PIX interface to route between the two subnets.

What kind of router (number of interfaces, etc.) would I need for this? There are so many choices to sort through.

PIX-515 Firewall

by MCSE Rabbi In reply to PIX-515 Firewall

There are a variety of Cisco routers you could choose. Without knowing the specifics of your network (number of users, number of subnets, etc.) it would be impossible to make a good recommendation.

The best place to start is with the Cisco router products page:

http://www.cisco.com/univercd/cc/td/doc/pcat/rt____d1.htm

Scroll down until you find "Cisco 3600 Series". Check out the 3600, 2600, and 2500 series.

PIX-515 Firewall

by russellrl2 In reply to PIX-515 Firewall

Poster rated this answer

PIX-515 Firewall

by mshavrov In reply to PIX-515 Firewall

Solutions for option #2 depend on your budget. The easiest thing which comes to mind is just to install a third card into the PIX Firewall and connect your 2 networks to 2 cards and the Internet router to the third. Sure, you should play a little to turn on traffic between internal networks, but it's not a big problem.

Second option is available if you have adjacent public networks (for example, 100.100.1.x & 100.100.2.x). In this case you may create a "supernet" interface on the PIX firewall (100.100.1.x / 255.255.254) and connect both networks to one switch or hub.

Third option is in using a router, but there is no "inexpensive" Cisco solution for 3 Ethernet ports. Lowest model is Cisco 3620 with additional Fast Ethernet module, which will cost you a few grand.

Option #1 depends on the number of users you have. If you have more than 254 hosts in your network, you can't use this.

Option #3 is the preferred solution because it will provide you an additional level of security, because you will not expose your network infrastructure to the Internet. Sure, you can do NAT (Network Address Translation) on a 1:1 basis. So on...

Good luck,
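A check for the "supernet" option in the reply above, as an added example that is not part of the original thread. It assumes the two public subnets are /24s and uses the reply's sample addresses plus a constructed second pair. The function reports the smallest single network that covers both subnets and any address blocks inside it that are not yours, since a firewall interface configured with that mask would treat those foreign addresses as directly connected inside hosts.

```python
import ipaddress


def covering_supernet(nets):
    """Smallest single CIDR block that contains every network in nets."""
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def supernet_report(subnets):
    """Return (cover, exact, extra) for a list of IPv4 subnet strings.

    cover: smallest network containing all subnets
    exact: True if cover holds only the given subnets
    extra: blocks inside cover that are NOT among the given subnets
    """
    parsed = [ipaddress.ip_network(s) for s in subnets]
    cover = covering_supernet(parsed)
    owned = list(ipaddress.collapse_addresses(parsed))
    remaining = [cover]
    for n in owned:
        pieces = []
        for r in remaining:
            if n == r:
                continue                      # fully owned, nothing left over
            if n.subnet_of(r):
                pieces.extend(r.address_exclude(n))
            else:
                pieces.append(r)              # disjoint, keep as-is
        remaining = pieces
    return cover, not remaining, sorted(remaining)


if __name__ == "__main__":
    samples = [
        ["100.100.1.0/24", "100.100.2.0/24"],  # addresses from the reply
        ["100.100.2.0/24", "100.100.3.0/24"],  # constructed aligned pair
    ]
    for pair in samples:
        cover, exact, extra = supernet_report(pair)
        print(pair, "->", cover, "mask", cover.netmask)
        if exact:
            print("  one interface covers exactly these subnets")
        else:
            print("  would also claim:", ", ".join(map(str, extra)))
```

Two adjacent /24s merge into one 255.255.254.0 network only when the first one's third octet is even; otherwise the smallest covering block is larger and includes address space belonging to someone else.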

PIX-515 Firewall

by russellrl2 In reply to PIX-515 Firewall

Poster rated this answer

PIX-515 Firewall

by russellrl2 In reply to PIX-515 Firewall

This question was closed by the author
