Cisco Pix 501 and Linksys router

Discussion in 'Cisco' started by chappobluff, Jul 6, 2005.

  1. chappobluff

    chappobluff Guest

    I have a Linksys router connected to a cable modem.

    I just got a cisco pix 501 off of ebay and I want to put it behind the
    Linksys router, then all systems behind the pix.

    Can I configure int0 with a private address?

    So if I give the internal network behind the PIX 192.168.3.1
    then the outsidie int0 192.168.2.1

    Then my linksys router 192.168.1.1

    Then create a static route between the PIX and the Linksys.

    Will this work. I was told that I could not configure the outside
    interface with a private address.

    Thanks
     
    chappobluff, Jul 6, 2005
    #1
    1. Advertisements

  2. chappobluff

    Martin Kayes Guest

    Yes, you can put any address on the outside interface. I have a similar
    setup working with several customers.

    Regards,

    Martin
     
    Martin Kayes, Jul 7, 2005
    #2
    1. Advertisements

  3. chappobluff

    Ronin Guest

    I can confirm that this can be done as I am currently doing it myself
    (however I am using a Draytek instead of a Linksys).

    At present from the PIX I can ping outside to the Internet but PC's from
    behind the PIX (although they have a correct configured IP address) can only
    ping to the inside interface of the PIX but cannot go out!

    I am wondering whether this is due to the fact that there is NAT happening
    on the Draytek but not sure what else to do, if anyone can give any tips
    that would be great!

    J
     
    Ronin, Jul 8, 2005
    #3
  4. chappobluff

    Martin Kayes Guest

    It depends how your NAT is setup. If the Draytek router is doing a 1:1 NAT
    to the outside interface address of the PIX, then the PIX will need a global
    nat setting up to translate the PC's to it's own outside interface address.

    If the Draytek is doing a many:1 PAT translation and is using the PC's
    subnet as the source then the PIX will need a nat 0 statement for the PC
    subnet to be allowed to reach the Draytek with their original IP's intact.

    If that isn't too clear then could you confirm which types of NAT & relevant
    addresses you are using.

    Regards,

    Martin
     
    Martin Kayes, Jul 13, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.