Re: PIX COnfig Question

tstickelmaier · ‎09-26-2001

We are setting up a pix firewall with different clients and different networks off each network interface. What is the best way for each client to be able to remotely manage their servers without giving them access to anyone elses network? One-to-one nat or vpn???

Thanks

ontrack · ‎09-28-2001

I have just a quick question to you question. Are each of the networks that you are going to setup have there own interface on the PIX or is there a routing device off an inside interface of the PIX that will host these networks?

tstickelmaier · ‎09-28-2001

I am not sure. Which is the best way to do it? I guess I would need 2 interfaces for each network, 1 in and 1 out right?

ontrack · ‎10-01-2001

The way I would suggest that you setup your pix is that you have only 1 outside interface, 1 "inside" interface for your own needs or whatever and then setup 1 DMZ interface for each network you going to be supporting. Now in order to get the result of the DMZ networks not to have access to each other you configure each interface with the same security level, this way the PIX will never allow any traffic to go from on interface to any other interface with the same security level. The problem here could be the number of interfaces supported by your PIX, if you have a PIX 515 with an unrestricted license then you could get 4 DMZ interfaces and 1 outside and 1 inside interface.