Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
468
Views
0
Helpful
4
Replies

create DMZ with 501 PIX?

oalexis
Level 1
Level 1

‎05-10-2003 06:08 PM - edited ‎02-20-2020 10:44 PM

0 Helpful
4 Replies 4

devam
Level 1
Level 1

‎05-10-2003 10:33 PM

Hi,

In PIX 501 you have only two interfaces. They are,

Outside: Integrated 10/100 Fast Ethernet port, auto-negotiate (half/full duplex), RJ45

Inside: Integrated auto-sensing, auto-MDIX 4-port 10/100 Fast Ethernet switch, RJ45

You have only two sides Inside and Outside. It is not possible to have DMZ.

Please let me know if you need more information.

Thank you.

Murthy.

0 Helpful

oalexis
Level 1
Level 1
In response to devam

‎05-11-2003 07:31 AM

Many thanks for responding,

That's what I thought. But is there some sort of way to create a DMZ with two firewalls?

I was thinking that I'll put the linksys firewall first.(Public ip) and put the PIX behind that. Between the PIX and Linksys hang my wireless access point.

Have private IPs on both sides of PIX. I have another network on the inside interface of the PIX. Create ACLs as needed.

Do think this will work?

Many thanks again

0 Helpful

devam
Level 1
Level 1
In response to oalexis

‎05-12-2003 10:06 AM

Hi,

I got your Idea.

Are you planning to put any servers in the DMZ which are accessed by internet? Normal Practice is the network between two firewalls or two routers will be configured as DMZ. In the first firewall(Linksys in your case) will allow the traffic for the Servers which are in DMZ from Internet and the second firewall will restrict. At the same time inside people are(ie behind your second firewall PIX 501) will be able to access the Internet.

If you want to restrict the people from inside to access the specific networks or ports you can configure in your second firewall.

How are you connecting to Internet? Is it through broadband or any T1 line? If you have any manageable router we can put access lists in that router and we can make the network between your firewall and router as DMZ. This will remove Linksys firewall.

I strongly suggest that don't put wireless access point in between firewalls(because inside user will be connected to this access point). Put behind the second firewall.

I might be giving solution without knowing your requirement. If your requirement is different than above let me know we can work on it.

It is always interesting in cracking the problems.

Thank you.

Murthy.

0 Helpful

oalexis
Level 1
Level 1
In response to devam

‎05-12-2003 06:52 PM

Hi Murthy,

I really appreciate you helping me out here.

I want to have a Web server in the DMZ. I am connecting through a cable modem. My other routers (2600s), I use them to create additional networks behind the firewall. (I want to play with RIP and such).

The wireless access point is to give my sister Internet access upstairs. She doesn't need any sort of other access... that's why I want to put the access point in the DMZ

So I will go ahead and get the PIX. If I need some help..... i will surely post and hope that you respond. :)

Many thanks again!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card