I have a PIX 501 and need to see if it would be possible to insert this into the edge of an existing network to "limit" access into the existing network.
To detail, there is a T1 connected to a Cisco 1720. This T1 is connected to an HP switch which is then connected to a small network. This is Network 1.
Network 2 is the existing Enterprise environment and will have the small Network attached via a 4600 in the IDF.
With a PIX 501 having only 1 internal interface, how could I configure all of these components so as to allow "some" access into the Enterprise network for printing etc but not as a backdoor for internet access/full network access.
Any help including examples would be greatly appreciated.
It is possible to control the flow using the PIX firewall to a great degree. Actually, restricting traffic is exactly what the PIX is designed for. Based on what I understood of your setup, you could establish a VPN tunnel between the 1720 and the PIX. The remote end VPN endpoint (1720) could send all the traffic to the central site PIX. Next, use access lists to define exactly what traffic goes where. To see PIX firewall configuration examples, please see http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/prod_configuration
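The access-list step from the reply above, as an added example that is not part of the original thread or of Cisco's documentation: a PIX 6.x-style fragment that admits only print traffic from Network 1 and drops everything else. It assumes the PIX's outside interface faces Network 1 and its inside interface faces the Enterprise network; the subnet 192.168.10.0/24, the print server 10.20.30.40 and the ACL name from_net1 are constructed placeholders.

```cisco
: Assumed addressing (constructed for this example):
:   Network 1 (small network, outside side) = 192.168.10.0 255.255.255.0
:   Enterprise print server (inside side)   = 10.20.30.40

: Expose only the print server to the outside interface, using its own
: address (identity static). Without a static, outside hosts cannot
: initiate connections to any inside host.
static (inside,outside) 10.20.30.40 10.20.30.40 netmask 255.255.255.255

: Permit printing only: raw port 9100 and LPD (515) to that one host.
access-list from_net1 permit tcp 192.168.10.0 255.255.255.0 host 10.20.30.40 eq 9100
access-list from_net1 permit tcp 192.168.10.0 255.255.255.0 host 10.20.30.40 eq 515

: Explicit final deny. The PIX denies unmatched traffic anyway, but an
: explicit entry gets its own hit counter in "show access-list".
access-list from_net1 deny ip any any

: Apply the list to traffic arriving on the outside interface.
access-group from_net1 in interface outside
```

If the VPN tunnel terminates on the PIX and `sysopt connection permit-ipsec` is enabled, decrypted tunnel traffic bypasses the interface access list, so that command has to be left off for these entries to apply to tunnelled traffic. Hit counts on the deny entry in `show access-list from_net1` show what Network 1 hosts are attempting beyond printing.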