Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX COnfig Question

We are setting up a pix firewall with different clients and different networks off each network interface. What is the best way for each client to be able to remotely manage their servers without giving them access to anyone elses network? One-to-one nat or vpn???

Thanks

  • Other Security Subjects
3 REPLIES
New Member

Re: PIX COnfig Question

I have just a quick question to you question. Are each of the networks that you are going to setup have there own interface on the PIX or is there a routing device off an inside interface of the PIX that will host these networks?

New Member

Re: PIX COnfig Question

I am not sure. Which is the best way to do it? I guess I would need 2 interfaces for each network, 1 in and 1 out right?

New Member

Re: PIX COnfig Question

The way I would suggest that you setup your pix is that you have only 1 outside interface, 1 "inside" interface for your own needs or whatever and then setup 1 DMZ interface for each network you going to be supporting. Now in order to get the result of the DMZ networks not to have access to each other you configure each interface with the same security level, this way the PIX will never allow any traffic to go from on interface to any other interface with the same security level. The problem here could be the number of interfaces supported by your PIX, if you have a PIX 515 with an unrestricted license then you could get 4 DMZ interfaces and 1 outside and 1 inside interface.

91
Views
0
Helpful
3
Replies
This widget could not be displayed.