Pix 501 and PDM

Hello -

I have an SMC8013WG-CCR from Comcast (business plan) with 5 static IPs.

I need to open up port 80 on a number of computers in my network. For example, my public IP xxx.xxx.164.129 points to my 10.1.10.5 and IP xxx.xxx.164.130 points to my 10.1.10.6. The SMC does not do this. I can only bind public IPs to computers, turn off port forwarding and the firewall built into the unit, which is Not Good.

I talked to Comcast and they told me I need another unit. I've done a

*little* bit of work with a 506 and know that it will do the trick, but I want to use the PDM instead of the command line.

Can I do everything using the PDM built into the 501 that I can do with the 506 on the command line? My needs only extend to the needs above - point multiple port 80s coming into the PIX to individual computers in my LAN. Also ports 21, 3690, etc.

Thanks in advance, NAT

Reply to
mcnattyp
Loading thread data ...

Yes, pretty much.

On the other hand, the particular PDM configuration screen that you need to do that kind of setup, is so poorly designed that it is pretty much impossible to understand some of the options unless you already know how to read the command line information and have hours and hours of time to experiment. Faster to use the command line to start with.

Reply to
Walter Roberson

Thanks Walter, I figured that was the case.

NAT

Reply to
mcnattyp

Another follow-up question: I know it is generally inadvisable to buy cisco stuff on ebay, but I'm considering it for this purchase since I'm happy to not have supportnet as this is a home use system. Is that a very very bad idea? So long as I can get it operational in the first place, I don't anticipate wanting to do any sw upgrades. Ebay is about $200 for pix 501, refurb online is around $325 and new is about $350.

NAT

snipped-for-privacy@gmail.com wrote:

Reply to
mcnattyp

If it doesn't have 6.3(5)112 then you would be missing the latest security update and have no way of getting it. It also appears -probable- to me that between one and three more 6.3(5) security updates will be issued [-estimating- by the several Cisco security alerts that have been going around lately], possibly numbered as 6.3(6) and possibly not.

The 501 is an oddity, in that it has NOT been declared EOS but there isn't any apparent software coming out for it. Cisco doesn't

-usually- continue to sell as new and "fully supported" a product that they don't intend to upgrade at all: they would normally declare an EOS on it so that people would at least know what they were getting into.

The best I can figure is that the 501 is still selling well, and that the 5505 is too new to have the bugs shaken out yet enough to be considered to replace the 501 -- especially since the ASA 55xx series do not support PPTP yet (and looks to have only added PPPoE in the very newest version, 7.2(1) ) But unless Cisco makes some move on software for the 501 then it is going to have a bunch of unhappy customers if it suddenly EOS's the 501. Perhaps a trade-up program to the ASA 5505 would be offered.

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.