Can Pix firewall configured with ADSL Modem

Rizin,

Summing up everything on this thread, you've got two choices. Either terminate your Internet connection on your ADSL and place the PIX behind using a private range IP address, or terminate your Internet connection directly to your PIX firewall, in which case you'll have the real IP address assigned to your PIX Firewall. This second option will require you to place your ADSL into bridge modem.

Depending on the choice you'll make, there will be a different configuration required.

Of course we can help out with either case, but you need to make the first choice

Cheers,

Hi Chris,

Thanks for your reply and I will go with the First Choice Like as you suggest I will connect ADSL Modem directly to the Internet and PIX with private IP Address behind the ADSL Modem.

Now Awaiting for configuration.

Rizin

Ok, now the picture is more clear. There are three ways to do this:

Option 1. Configure the ADSL modem to work as a VPN server and use access lists and static maps on the Pix to allow traffic to pass. The topology would look like this:

[Server]

---

[Pix]

---

[ADSL modem] ==== [Internet]

The === above is VPN connection, This option requires that your ADSL modem support VPN. Look at the GUI/web interface or manual of the modem to check if it does or not.


Option 2: Configure the ADSL modem to work as a VPN server and connect the server directly to it without using the Pix. Some thing like this:

[Server]

---

[ADSL modem] ==== [Internet]

The === above is VPN connection, This option also requires that your ADSL modem support VPN. To be honest, I prefer this option. It's much simpler, faster (since the latency of the pix is removed) and after all the connection between the internet and the modem is already encrypted with VPN/ipsec or VPN/pptp. There is really no point of adding the extra overhead of the Pix UNLESS you have some thing special in mind. Add to that, you can still connect the pix to other ports on the modem and use it for your internal LAN PCs.


Option 3: If your modem does not support working as a VPN server, your only choice is to configure the Pix to do the VPN server part and then configure the modem to allow VPN traffic by allowing VPN TCP/UDP ports to pass through. For example, if you want to use Microsoft's VPN client (PPTP) from the internet, you need to allow port 1723 to pass through the modem (and may be a few other ports).

This option would look like this:

[Server]

---

[Pix] ==== [ADSL modem] ==== [Internet]

Notice that the ==== VPN traffic reaches to the Pix. I have to say here that I'm not sure if VPN would have some issues working over NAT.

Thats as far as I know, so make up your mind on which option would suit you, and then we can help further if you want. Or if Chris or any one has any better ideas, please shoot.

Hi S0lo

Thanks for your efforts and sorry for my delay reply, Well I prefer the option 3 since my ADSL Modem router doesn't supports VPN.

Rizin

rizin,

How did you end up setting up your network? Were you successful in getting the PIX setup? Let us know!


Cheers,

ZiPPy

Hi guys,

I bought the pix 508, I'm still reading and learning abt the commands applied on pix, Once i had gone thru i will let know here the successful status, Guys No offence I'm bit lurking into watching BRITISH GOT TALENT 2009 series in YOUTUBE.COM.

Thanks and Cheers,

Rizin