You should let the PIX handle the NATing. Just put the 2600 and the PIX in outside interface in the same switch > > From: "[EMAIL PROTECTED]" > Date: 2003/01/08 Wed PM 01:52:48 EST > To: [EMAIL PROTECTED] > Subject: Pix Configuration Help? [7:60631] > > Router Configuration Help. > > I am currently using a Cisco 2621 router for my company firewall. Serial 0's > interface (CSU/DSU) is connected to the phone company. Ethernet 0 is > connected to my LAN. I currently use CBAC / ACL's to control access from > Inside/Outside and vica versa. > > The phone company has issued me 8 static class A ip addresses, and > instructed me to setup a static route to a class B Address on their side > (point to point connection between my router and their router). > > I just purchased a PIX 515E and have some questions about the configuration > behind the 2621. What is the best way to set this up? > > How should I set up the static route between the routers now? Should I > create a point to point connection between my PIX and the 2621 using a class > C address. What about Nat'ing my internal addresses to the registered > addresses that have been assigned (Global)? > > I know I probably missing some information but hopefully we can start there. > > Thanks in advance > > Help from another below: > --------------------------------------------------------- > It would be tons-o-fun to explain all the things you can do but the best > approach should be to go to this website below. It gives some great small to > medium design topologies and configuration examples as well. Best of luck! > start here for all the white papers: > www.cisco.com/go/safe > This white paper best works for your environment > www.cisco.com/en/US/netsol/ns110/ns129/ns131/ns128/networking_solutions_impl > ementation_white_paper09186a008009c8a0.shtml > > My Reply: > ----------------- > Thanks for the info. I read the whole paper last night well most of the 76 > pages. Some really good info... I'm still looking for more configuration > scenarios so keep em coming if you got em. > > I'm still Fuzzy about the NAT configuration using my global address in the > PIX versus keep the NAT configuration on my 2621. > > Should I just use extended access list on the 2621 and move all the NAT > configuration to the PiX box? > > Right now I only have a 2621 with CBAC / ACLs between the me and the outside > world. > > This is what I THINK I should do: > Remove all the NAT pool and static mappings from the 2621. Keep the ip route > statement (forwarding all packets to the S0 interface), the CBAC and some > extended ACLs. > Next: > Change the E0 port (currently connected directly to my internal network used > as the Gateway) on the 2621 from the class B internal LAN address to a > 192.168.0.1 255.255.255.254. Configure my PiX E0 (outside) addresss to > 192.168.0.2 255.255.255.254 creating a point to poing connection between the > 2621 and the PiX. Then configure E1 (inside LAN) on the PiX to a class B > address that I will use as the internal subnet's gateway. Now I will issue > another ip route statement on the PiX to route all 0.0.0.0 0.0.0.0 to > 192.168.0.2 (E0) > > Now here's where I get fuzzy. What to do now? > Tell the PiX the Global interface is 192.168.02? Assign a pool of the > registered addresses provided by my ISP and NAT all internal class B > addresses. I know there's Ton's more but any help is good help. Please feel > free to interject (NE1) :) > > Thanks again. Greg Owens 202-398-2552
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60636&t=60631 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
