Cisco PIX 506E as a standalone router?

SacredHP

Forgive me if this is a novice question, but can I use a Cisco PIX 506E as a standalone router/firewall? I may be able to get my hands on a used one from my dad's company and want to know if I can just plug it into my DSL modem and hook it up to my network switch. Thanks!
 
To the best of my knowledge, PIX firewalls cannot route traffic, but if you had a Cisco router, you could set up the router to route your traffic, and set up the PIX to do NAT and as a firewall. Any of the local Cisco pros can feel free to correct me if I am mistaken.
 
It will do NAT, which is what most people buy "routers" for. I'm switching my PIX 501 out though. They don't do UPnP and I want it for Xbox Live.
 
If it does NAT and can act as a DHCP server, I guess my only other question is if it would allow me to log into my ISP using PPPoE. I have an old Netgear FVS318 firewall and the PIX 506E appears to do everything my Netgear does. I just want to confirm. Is there anyone on this board running a 506E as a router? Thanks for everyone's feedback so far.
 
SacredHP said:
running a 506E as a router?

Just keep repeating this line:

"Firewalls do not route"
"Firewalls do not route"
"Firewalls do not route"

With that in mind, about half way down this page:
http://www.tribecaexpress.com/Cisco_PIX_506E.htm

Robust Small Office Networking
DHCP client/server
* Obtains IP address for outside interface of firewall automatically from service provider
* Provides IP addresses to devices on inside network of the firewall
NAT/PAT support
* Provides dynamic/static Network Address Translation (NAT) and Port Address Translation (PAT) capabilities
* Allows multiple users to share a single broadband connection using a single public IP address

PPPoE (available Q1 2002)
* Ensures compatibility with networks that require PPP over Ethernet (PPPoE) support

Cool? Good, now go back to the top of this post and repeat the chant because when things go wrong with the PIX you'll need to remember that.


[... it's burned into my head after issues with a VPN failover problem in a lab....]
 
SacredHP said:
If it does NAT and can act as a DHCP server, I guess my only other question is if it would allow me to log into my ISP using PPPoE. I have an old Netgear FVS318 firewall and the PIX 506E appears to do everything my Netgear does. I just want to confirm. Is there anyone on this board running a 506E as a router? Thanks for everyone's feedback so far.

Like I said. I'm using a PIX 501. It runs the same software as the 506E you're looking at. Yes, they can do PPPoE. They NAT just like the small little routers people buy.
 
To answer the OP's original question, it depends. So long as you have a current PIX OS that supports PPPoE you should be fine. DHCP was released a few years ago as well for the PIX, which is useful if you don't want to deal with static addressing. As for the routing capabilities, the PIXs have been able to do RIP for several years. Since the introduction of 6.3 the PIXs have been capable of OSPF (in a limited fashion). But all of that probably doesn't even matter. Most ISPs will have you running a "router-on-a-stick" configuration where you default route everything from your CPE to the next-hop device.
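
For reference, a minimal PIX 6.x-style configuration covering what the post above lists: PPPoE on the outside interface, a default route learned from the ISP, PAT, and an inside DHCP server. This is an added example, not part of the original thread; the group name `isp`, the username, password and all addresses are placeholders, and it assumes a PIX OS release with PPPoE client support.

```text
: --- inside LAN (placeholder addressing) ---
ip address inside 192.168.1.1 255.255.255.0

: --- PPPoE client on the outside interface ---
: "isp" is a placeholder group name; credentials come from the provider
vpdn group isp request dialout pppoe
vpdn group isp localname USERNAME_PLACEHOLDER
vpdn group isp ppp authentication pap
vpdn username USERNAME_PLACEHOLDER password PASSWORD_PLACEHOLDER

: PPPoE adds 8 bytes of overhead, so lower the outside MTU
mtu outside 1492

: obtain the outside address via PPPoE; "setroute" installs the
: default route toward the ISP's next hop (no routing protocol needed)
ip address outside pppoe setroute

: --- PAT: all inside hosts share the single outside address ---
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

: --- DHCP server for inside hosts ---
: 192.0.2.53 is a placeholder DNS server address
dhcpd address 192.168.1.100-192.168.1.150 inside
dhcpd dns 192.0.2.53
dhcpd lease 3600
dhcpd enable inside

: No access-list or static is defined for the outside interface, so
: connections initiated from outside to inside are dropped by default.
```

After the session comes up, `show ip address outside pppoe` shows the address negotiated with the provider.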
 
BobSutan - thanks!!! THAT is EXACTLY what I wanted to know. Sounds like I am good to go then.
 
Malk-a-mite said:
"Firewalls do not route"
What would give you this idea? A firewall must route to perform its function, albeit in a secure fashion.

A firewall must have two interfaces on different networks/subnets in order to function properly. The whole process of taking a packet from one interface and putting it on another is routing. A firewall just adds a layer of inspection to that packet based on a set of rules.
 
MorfiusX said:
What would give you this idea? A firewall must route to perform its function, albeit in a secure fashion.

A firewall must have two interfaces on different networks/subnets in order to function properly. The whole process of taking a packet from one interface and putting it on another is routing. A firewall just adds a layer of inspection to that packet based on a set of rules.

Would you prefer:

"As part of core function firewalls do not normally perform the same as a router so do not expect it to be able to perform to the same level as a device whose primary goal is the routing of packets in such circumstances that require multiple possible configurations to be updated due to environmental conditions that might change during the operation of the device."

..... yeah, I went with "Firewalls do not route" as a shorter version myself.
 
Malk-a-mite said:
Would you prefer:

"As part of core function firewalls do not normally perform the same as a router so do not expect it to be able to perform to the same level as a device whose primary goal is the routing of packets in such circumstances that require multiple possible configurations to be updated due to environmental conditions that might change during the operation of the device."

..... yeah, I went with "Firewalls do not route" as a shorter version myself.

No offense, but you're wrong. It's one of the many functions of a firewall. That's like saying a pickup truck can't haul people, because it's primarily used to haul goods in the bed.

They're merely trying to state: do not assume that, because a firewall supports routing, it will do EVERYTHING a full-blown router can do.
 
This is coming from your almost 2x over CCIE. While you may be able to make your PIX think it is a router, you will not be happy with the functionality and the setup will take much longer than you ever would want it to.
 