Hello all. Pretty newbie question here, I know I still have lots of research to do, but I'm fairly new to the security side of things, so looking to get pointed in some direction...
We are running 2 PIX 515's, one as a failover. All the ports are being used, we have one DMZ set up where our websvr and another host sit. We need to set up another host to run various things with Google (ads I believe?), that need to open an in/out tunnel to the internet, so we want to put this on a separate DMZ from the websvr.
Question, what is the best way to go about this? Just upgrade the PIX to add another port and put the 2nd DMZ on that? Are there better...more efficient...less costly ways to do this?
Eventually we are upgrading the PIX to ASA's. If upgrading the PIX is the only solution, is the cost great enough that we should try to wait and upgrade to the ASA's first? Is there a temporary workaround to get by until we upgrade?
If you are using a switch that supports 802.1q trunking then you can use one of the physical interfaces on the PIX and split it logically into 2 different interfaces. Each logical interface is seen as a separate interface that you can apply access-lists to etc.
Separate VLANs on a switch I believe is the best way to go. I have 2 3750's trunked off my ASA (1gb ports) with multiple VLANs. It's great as you can use one port and create sub interfaces off that single port to create multiple VLANs/DMZs. They are very secure and as the VLANs/DMZs are seen as interfaces you can give them different security levels, access rules etc.
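
An added configuration example of the subinterface approach described in the two replies above; it is not from any poster in this thread. It assumes PIX/ASA software 7.x-style syntax on the firewall and a Cisco IOS switch, and every interface number, VLAN ID, name and address in it is a constructed placeholder.

```cisco
! --- Firewall (PIX/ASA 7.x-style syntax, assumed) ---
! Physical port only carries the trunk. With no nameif it passes no
! untagged traffic, so a frame that escapes tagging goes nowhere.
interface Ethernet2
 no nameif
 no ip address
 no shutdown
!
! Existing web server DMZ, moved onto a tagged subinterface (VLAN 20, constructed).
interface Ethernet2.20
 vlan 20
 nameif dmz-web
 security-level 50
 ip address 192.0.2.1 255.255.255.128
!
! New DMZ for the second host (VLAN 30, constructed), lower trust than dmz-web.
interface Ethernet2.30
 vlan 30
 nameif dmz-ads
 security-level 40
 ip address 192.0.2.129 255.255.255.128
!
! Once an ACL is bound inbound, the ACL (not the security level) decides
! what this DMZ may reach, so deny the other DMZ and the inside range
! (10.0.0.0/8 is a placeholder) before permitting outbound HTTPS.
access-list dmz-ads_in extended deny ip any 192.0.2.0 255.255.255.128
access-list dmz-ads_in extended deny ip any 10.0.0.0 255.0.0.0
access-list dmz-ads_in extended permit tcp host 192.0.2.130 any eq https
access-group dmz-ads_in in interface dmz-ads
!
! --- Switch (Cisco IOS, e.g. Catalyst 3750) ---
vlan 20
 name DMZ-WEB
vlan 30
 name DMZ-ADS
vlan 999
 name UNUSED-NATIVE
!
! Trunk to the firewall: only the two DMZ VLANs are allowed, the native
! VLAN is an unused one, and DTP negotiation is switched off.
interface GigabitEthernet1/0/1
 description Trunk to firewall Ethernet2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 20,30
 switchport mode trunk
 switchport nonegotiate
```

The separation between the two DMZs is only as strong as the switch configuration: the host-facing ports should be access ports fixed to VLAN 20 or VLAN 30, not left to negotiate a trunk.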