Cisco Support Community

PIX515E Between 2 Departments

Hi,

Excuse my ignorance with this subject but I have some PIX experience but mainly in the Internet domain. I have been asked to install a 515E between 2 departments.

Could anyone give any pointers or best practice advice on how to set this up? Do I need to PAT traffic in both directions, do I need to create static translations? I am really not sure how to go about this.

Thanks

1 REPLY

Re: PIX515E Between 2 Departments

I assume the departments will connect on two different interfaces in PIX... if that is the case, you need to do the following:

1) configure static commands - this is very important and the PIX won't pass traffic unless there exists a translation on it...

2) configure necessary access-lists....

To give you an example... consider

dept 1 - 10.1.1.0/24 - connecting to inside

dept 2 - 172.16.1.0/24 - connecting to dmz1

static (inside,dmz1) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

no ACLs needed since all traffic is allowed by default from inside to dmz1

static (dmz1,inside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0

access-list dmz1 permit ip 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0

this will allow traffic from dmz to inside..

hope this helps... rate replies if found useful..

Raj
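
The reply's two-department layout as a fuller configuration, with the dmz1 access-list narrowed to named services and bound to its interface. This is an added example, not part of the original post; it assumes PIX OS 6.x syntax, and the interface numbers, interface addresses, the server 10.1.1.10 and the permitted ports are constructed for illustration.

```cisco
: Assumptions (not from the post): PIX OS 6.x, ethernet1/ethernet2 wiring,
: interface IPs, server 10.1.1.10 and the permitted ports are constructed.
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
interface ethernet1 auto
interface ethernet2 auto
ip address inside 10.1.1.1 255.255.255.0
ip address dmz1 172.16.1.1 255.255.255.0

: Identity statics from the reply: each department keeps its real addresses.
static (inside,dmz1) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
static (dmz1,inside) 172.16.1.0 172.16.1.0 netmask 255.255.255.0

: dept 2 (dmz1) -> dept 1 (inside): permit only the services that are needed,
: to one server, instead of "permit ip" between the whole subnets.
access-list dmz1 permit tcp 172.16.1.0 255.255.255.0 host 10.1.1.10 eq 443
access-list dmz1 permit tcp 172.16.1.0 255.255.255.0 host 10.1.1.10 eq 1433
: Explicit final deny (same effect as the implicit one) so hit counts show drops.
access-list dmz1 deny ip any any

: An access-list has no effect until it is bound to an interface.
access-group dmz1 in interface dmz1

: Verification, run from enable mode after applying the above:
show xlate
show access-list dmz1
```

Once an access-list is bound inbound on dmz1 it governs all traffic entering that interface, so any flows from dept 2 toward other interfaces need their own permit entries above the final deny.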
