question on pix 501 "outside" 10base-t

user3657

I am trying to put the things I learn in school into good use and I have a question. My connection is 30/5 and I wanna run a web server and protect my network with a PIX. It says "1 x RJ-45 10Base-T Auto-negotiating Outside", so this means I wouldn't be able to use all of my bandwidth, which sucks. Is there another way around this, like using one of the "inside" ports as outside? The next model up that has 100 outside is like 900$ :(


 

ScottMac

The outside interface on the 501 can do 100 Mbps.

Once you update the IOS to 6.x, the software will enable both interfaces to 10/100.

Here's the output from one of my 501s (address deleted to protect the innocent :D ). This is connected to a 3Mbps AT&T DSL I use for inbound VPN to my home network.

interface ethernet0 "outside" is up, line protocol is up
Hardware is i82559 ethernet, address is 0013.6042.8a8c
IP address xxx.xxx.xxx.xxx, subnet mask 255.255.255.255
MTU 1492 bytes, BW 100000 Kbit full duplex
1476378 packets input, 1086093230 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
1134998 packets output, 98891755 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max blocks): hardware (128/128) software (0/4)
output queue (curr/max blocks): hardware (0/25) software (0/1)

(Show version)

Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

pix-dsl up 60 days 9 hours

Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
Flash E28F640J3 @ 0x3000000, 8MB
BIOS Flash E28F640J3 @ 0xfffd8000, 128KB

0: ethernet0: address is 0013.6042.8a8c, irq 9
1: ethernet1: address is 0013.6042.8a8d, irq 10
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces: 2
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: 10
Throughput: Unlimited
IKE peers: 10

This PIX has a Restricted (R) license.

Serial Number: {Deleted}
Running Activation Key: {Deleted}
Configuration last modified by enable_15 at 12:08:20.981 CDT Sun Oct 22 2006
pix-dsl#

FWIW

Scott
 

user3657

Thanks, this is good to know. I will be hosting a public forum website. I understand about nap or whatever and how to hide a server and whatnot, but I shop online, so my concern would be someone stealing my cc numbers. I would just use pap, or whatever you call it, to make it hard for sniffers to guess the next packet, right?

It would look like this:
internet>pix>2003server>these two are connected using 2 nics>personal pc.

Or would it be more secure if I connect "personal pc" using the PIX built-in switch?


Newbie, I know, but give me some knowledge :)
 

spyordie007

The outside interface on the 501 can do 100 Mbps.

Once you update the IOS to 6.x, the software will enable both interfaces to 10/100.
I thought some of the early 501s' physical port was only capable of 10?
 

spyordie007

It would look like this:
internet>pix>2003server>these two are connected using 2 nics>personal pc.

If the server is also acting as the LAN firewall, then it kind of defeats the purpose of having a perimeter network.

I would rather do:
Internet>pix>dmz>firewall #2>LAN
or just
Internet>pix>LAN

For your firewall #2 you could just use something cheap