Cisco Support Community
New Member

Is it possible to use the CSS inside a PIX DMZ?

I have a client with the following current config:

    Internet
    ||
    router
    ||
    switch
    ||
    PIX===DMZ
    ||
    switch
    ||
    router
    ||
    LAN

My questions are:

a) Can I place a CSS 11000 series in the PIX DMZ, even though the PIX is natting those addresses?

b) If so, do I need to use a different network from the DMZ network for the boxes connecting to the CSS?

c) If I connect the CSS to the PIX and there are boxes on that switch, will they be "controlled" by the CSS as if they were plugged directly into it?

Thank you,

Cosby

2 REPLIES
New Member

Re: Is it possible to use the CSS inside a PIX DMZ?

The common design:

    Internet
    |
    router
    |
    Content-Switch
    | | |
    PIX PIX PIX
    | | |
    Content-Switch
    |
    LAN

But because the PIX does not support VRRP, the PIXs cannot support stateful failover when they are load balancing.

If you have a DMZ, I suggest you plug all the PIXs' FE into the 3rd CSS; the CSS uses a VIP to NAT the server IP.

See the topology below:

    Internet
    |
    router
    |
    Content-Switch
    | | | VIP
    PIX PIX PIX--content------server-farm
    || || | |
    ||___||___|____|
    | | |
    Content-Switch
    |
    LAN

New Member

Re: Is it possible to use the CSS inside a PIX DMZ?

I'm a bit confused by the recommended topology diagram. Specifically by the use of the lines and brackets. It looks like you suggest 3 CSSes surrounding one DMZ?

I don't find any documentation that indicates such a requirement for topology. Could you recommend any to support your recommendation?
