We are setting up a PIX firewall with different clients and different networks off each network interface. What is the best way for each client to be able to remotely manage their servers without giving them access to anyone else's network? One-to-one NAT or VPN?
I have just a quick question about your question. Does each of the networks that you are going to set up have its own interface on the PIX, or is there a routing device off an inside interface of the PIX that will host these networks?
The way I would suggest that you set up your PIX is that you have only 1 outside interface, 1 "inside" interface for your own needs or whatever, and then set up 1 DMZ interface for each network you're going to be supporting. Now, in order to get the result of the DMZ networks not having access to each other, you configure each interface with the same security level; this way the PIX will never allow any traffic to go from one interface to any other interface with the same security level. The problem here could be the number of interfaces supported by your PIX: if you have a PIX 515 with an unrestricted license, then you could get 4 DMZ interfaces and 1 outside and 1 inside interface.
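As an added illustration of the per-client DMZ layout described in the reply above (not configuration from the thread itself), here is a PIX 6.x-style interface configuration showing the weak variant, where the two client DMZs sit at different security levels, beside the corrected variant where they share one level. Interface numbers, names and addresses are assumed for the example; lines starting with `!` are explanatory comments.

```cisco
! --- WEAK: client DMZs at different security levels ---
! dmz1 (50) is "higher" than dmz2 (40), so once a translation exists for the
! dmz1->dmz2 pair the PIX permits dmz1 hosts to initiate traffic into dmz2.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
nameif ethernet3 dmz2 security40
ip address dmz1 10.1.1.1 255.255.255.0
ip address dmz2 10.1.2.1 255.255.255.0

! --- CORRECTED: every client DMZ at the same security level ---
! Equal levels mean neither DMZ is "higher" than the other, so the PIX drops
! traffic between dmz1 and dmz2 regardless of NAT or access-list entries.
! Each DMZ can still reach outside (level 0) and be reached via static/ACL.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
nameif ethernet3 dmz2 security50
ip address dmz1 10.1.1.1 255.255.255.0
ip address dmz2 10.1.2.1 255.255.255.0
```

On PIX 7.0 and later (and ASA) the same isolation is still the default between equal-level interfaces, but it is switched off if `same-security-traffic permit inter-interface` is present, so check for that line when auditing the running configuration.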