Hi, Normally, the CPE router would be the border router that gives you the global IP address range to access. However, in this case it looks like you essentially have 2 border routers.
You can get your border router to route the global ip range to the PIX, so the PIX outside interface will have a global IP address. But that would mean you have to break up the subnet the ISP has allocate you. If you have a large range, it may be ok, but if it's a small range (eg. /28), then you will waste IP addresses by doing that. A solution would be to do NAT on your border router, and everything behind the border router will be private IP address range. That would also mean your PIX will not be doing any NAT, so use either nat 0 or statics depending on your purpose. If I were you, I would get rid of the border router. I'm not sure what advantages it is going to have in using it. Regards, Albert -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 8:42 PM To: [EMAIL PROTECTED] Subject: pix + router, design issue [7:63244] I have a case with a customer that I am installing a PIX and a border router for, He want4s to have controle over the border router, but the Service Provider, is providing their router as the CPE. one interface on the Service Providers router has an ip address from the customers public ip address range, so I am thinking about what would be the best way to config the customers border router, as it will need to be sending some ip address that is on the interface connected to the CPE router back to the pix. ------------ ------------ ------------ - - - - - - - -************- -************- - - - - - - - ------------ ------------ ------------ PIX 213.100.1.10 Border Router CPE Router 213.100.1.1 I am beeing a little slow to day, so I would like to get some input on how you would handle this secenario. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63254&t=63244 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]