08-11-2003 02:11 AM - edited 02-20-2020 10:55 PM
Scenario: I had installed 2 PIX 515s (primary and failover) behind my internet router. My inside network has 2 WAN routers (with private IP addresses) connecting to 2 different sites (with private IP addresses). The only way for them to access the internet is to go through the current firewall.
Requirement: Now I want to install 2 more PIX (primary and failover) behind these 2 WAN routers to protect my inside network. So they can access only servers in their own DMZ and connect to the internet.
Before configuring anything on these new PIX, I want to confirm with you the steps which I will perform.
- I have to give 2 static routes to these 2 WAN routers so inside users can connect to these 2 sites.
- Have to disable NAT.
- Configure static for DMZ servers and apply an access list to it.
Please tell me what other steps I need in order to configure the new PIX, and please tell me how I should allow both the WAN site users to bypass both the PIX firewalls in order to use the internet. The required topology is like this:
Users - WAN router (inside network) - PIX firewall (inside network) - PIX firewall (connecting to internet router) - Internet router. So overall there are 4 hops from WAN site users to the internet.
If you need more clarification, please let me know.
08-13-2003 12:13 AM
CAN'T ANYBODY HELP ME OUT IN THIS ISSUE?
08-13-2003 03:32 PM
All you need is just controlling user access behind the WAN router? You may simply use an access-list on those WAN routers.
08-13-2003 11:10 PM
Yeah, I know, but our customer wants it this way. And he has already bought the PIX.