PIX to 877 router, static NAT?

By g18c ·
Hi, i have a PIX (masquerading on its external interface, connected to a 877 dsl router ( whos address is obtained by
dialer interface.

As the PIX is doing the connection sharing via PAT for all the internal users, i would like the PIX to be the firewall rather tha the 877
router (ideally i would like the PIX to have the internet connection as a directly attatched interface but this as this is not possible i would like to foarward ALL packets from received by the 877 to the PIX instead, kinda like a bridge). Is it possible to have the 877 simply NAT the address of the PIX,, to its external dhcp obtained ip address, and vice versa? This would allow me to configure the PIX for port forwarding onto the DMZ etc.

Any pointers on configurations much appreciated.



This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

why both ?

by CG IT In reply to PIX to 877 router, static ...

The 800 series is a SOHO quasi consumer level "all in one". The Pix is a firewall.

If you want a PIX as the perimter, then use it and get a regular router not the 800 series. Maybe a 1800 access or 2800 access. you could opt for a 2600 access.

The 800 is a SoHo router that is akin to a consumer level router doing a bunch of things but has the Cisco IOS software. Cisco IOS is not easy to configure for anyone not familiar with it. That's why Cisco bought Linksys. They have a consumer level product that is consumer friendly, rather than trying to make IOS consumer friendly which is can't be because it's all command line. [forget the user friendly config software that comes with it, it's useless].

Collapse -


by mbenitez In reply to PIX to 877 router, static ...

How about using PAT on the PIX.

On the 877 forward out the DSL interface, and to the PIX.

Collapse -

Sure, you can do that

by djdawson In reply to PIX to 877 router, static ...

Contrary to a previous post, the 877 is a fine little router.
As long as it supports the features you need I wouldn't
bother upgrading to anything more expensive.

To do what you want you need this command:

ip nat inside source static interface <int_name>

In place of "<int_name>" put the actual name of the DSL
interface. You'll also need "ip nat outside" on that
interface, and "ip nat inside" on the ethernet interface
facing the PIX. Note that the interface nat command is
relatively new, so you might need newer code to use it,
but since the 877 is a relatively new model anyway I bet
that won't be a problem for you.

HTH - Good luck!

Related Discussions

Related Forums