I am new to firewalls and I have to configure a 506E between the production (Enterprise) network and a new test lab.
This is to ensure that any activities within the test area do not interfere with any operations on the production network.
Both the test lab and the production network are using private address ranges.
I assume I do not need to use NAT as neither address range needs to be 'hidden' from the other?
I have put the inside (secure) network towards the lab and insecure towards production network (just in case we need to VPN to outside interface across production network in the future).
We only want to allow HTTP and telnet through (in both directions, i.e. inside to outside and vice versa).
Would you have an example configuration I could use to get started?
Thanks in anticipation to somebody helping me out.
To cover off the static / NAT issues first.
To allow connections from a lower to higher security interface you need to have static
static (inside,outside) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
means present the 192.168.5.x network addresses to the outside (in our case production)
as 192.168.5.x addresses.
It is a peculiarity of the PIX that even if you don't want to NAT from one IP address to
another you still need to tell the PIX that you don't want to NAT and this is what the
static statement does.
(Note with PIX v7.x code this has changed quite significantly but your PIX will be running
6.3 code as it is a PIX 506E which can't run v7.x)
When I mentioned the bit about is NATting them back on the firewall I was talking about
what we do in our environment but as I say if it's not a problem mixing your addressing
then don't worry about this. As long as none of your prod/test addressing overlaps you
should be fine.
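
A starting configuration for the setup described in this thread, as an added example that is not part of either post: the identity static from the answer plus access lists that permit only HTTP and telnet in each direction. It assumes PIX OS 6.3 syntax, the lab on 192.168.5.0/24 behind the inside interface, and a constructed placeholder of 10.10.0.0/16 for the production range, which the thread does not give.

```cisco
: Added example for PIX OS 6.3 (506E). Lines starting with ':' are comments.
: 192.168.5.0/24 = test lab (inside), as used in the answer above.
: 10.10.0.0/16   = production (outside); constructed placeholder, substitute the real range.

: Identity static: lab addresses are presented to production unchanged (no translation).
static (inside,outside) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

: Production -> lab: lower to higher security, so an explicit permit is required.
access-list from_prod permit tcp 10.10.0.0 255.255.0.0 192.168.5.0 255.255.255.0 eq www
access-list from_prod permit tcp 10.10.0.0 255.255.0.0 192.168.5.0 255.255.255.0 eq telnet
access-group from_prod in interface outside

: Lab -> production: higher to lower is allowed by default once a translation exists,
: so an ACL on the inside interface is what limits it to HTTP and telnet.
access-list from_lab permit tcp 192.168.5.0 255.255.255.0 10.10.0.0 255.255.0.0 eq www
access-list from_lab permit tcp 192.168.5.0 255.255.255.0 10.10.0.0 255.255.0.0 eq telnet
access-group from_lab in interface inside

: Each access-list ends with an implicit deny, so everything else is dropped.
: That includes DNS and ICMP; add permits for them only if the lab needs them.
```

Because no addresses are translated, production hosts or routers need a route to 192.168.5.0/24 via the PIX outside interface. `show access-list` displays per-entry hit counts, which confirms which rules traffic is matching.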