Separate 2 internal networks


Hello,

I have the following network setup on my PIX.

Interface 0 is internet -- static IP

Interface 1 is internal -- 10.1.1.0 is regular computers.

                                 vlan3 -- 10.1.3.0 is public internet

Also, we have 2 DHCP scopes set up, one for each network.


It's all working great except for one thing.

When someone is on the public I don't want them to be able to get to anything on the regular 10.1.1.x network.

I have attached my current running config.

Also, this is a PIX 515 running 804.

Chris

Jennifer Halim Mon, 05/24/2010 - 23:57

Based on your configuration, the public subnet 10.1.3.0/24 is not even configured on the PIX firewall. It is directly connected on your internal switch/router; therefore, traffic between 10.1.1.0/24 and 10.1.3.0/24 can reach each other. If you would like the public subnet to be segregated from the inside network, you need to configure a public interface on the PIX firewall and it needs to be the default gateway for that subnet.


Hope that helps.
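
The change the answer describes, written out as PIX 8.0 configuration. This is an added example, not taken from the thread or from the attached running config (which is not shown here). Assumptions: the switch port facing Ethernet1 is a trunk carrying VLAN 3, the interface names `outside` and `public`, the gateway address 10.1.3.1, security level 50, the ACL name `public_in`, and the DHCP pool range are all constructed for illustration.

```cisco
! --- Added example; all names and addresses below are assumptions ---
!
! Put the PIX itself on VLAN 3 so it, not the internal switch/router,
! is the routed hop for 10.1.3.0/24. The Layer 3 interface for VLAN 3
! on the internal switch/router must be removed, otherwise hosts can
! still be routed between 10.1.1.0/24 and 10.1.3.0/24 behind the firewall.
interface Ethernet1.3
 vlan 3
 nameif public
 security-level 50
 ip address 10.1.3.1 255.255.255.0
!
! A lower security level already blocks public -> inside by default,
! but once an ACL permitting Internet access is applied inbound on
! "public", the deny for the inside subnet has to come first.
access-list public_in extended deny ip 10.1.3.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list public_in extended permit ip 10.1.3.0 255.255.255.0 any
access-group public_in in interface public
!
! Translate public clients out to the Internet. Reuse the existing
! global pool ID if one is already defined for the outside interface.
nat (public) 1 10.1.3.0 255.255.255.0
global (outside) 1 interface
!
! If the public DHCP scope currently lives on a server in 10.1.1.0/24,
! it stops being reachable after this change; the PIX can serve it instead.
dhcpd address 10.1.3.100-10.1.3.200 public
dhcpd enable public
```

Public clients must then receive 10.1.3.1 as their default gateway. From a host on 10.1.3.0/24, a ping or connection attempt to any 10.1.1.x address should fail and show up as a deny hit in `show access-list public_in`.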
