Cisco Support Community

New Member

Running the PIX back-to-front

I am looking to deploy a PIX with the inside interface facing outside to allow for DHCP addresses to be assigned to wireless clients. I will be deploying ACLs to restrict access on both interfaces, but am looking for confirmation that there will be no information "leakage" from having the higher security level interface providing access to the dirty side.

  • Other Security Subjects
New Member

Re: Running the PIX back-to-front


For the sole purpose of deploying the DHCP services on the firewall, you are willing to jeopardize your security? How do you make sure that only authorized wireless users are provided with an IP address? Be very careful in deploying such a setup. It is not for nothing that they call wireless LANs 'a wire on a parking lot'.

You might want to look into the Cisco LEAP offering regarding wireless access.

New Member

Re: Running the PIX back-to-front

I hadn't explained the design fully, insofar as once the DHCP server has assigned an IP address, the wireless user can only gain access to the network through a correctly configured VPN client, with the appropriate one-time password. My design has been to address the "wire on the lot" situation!

Any thoughts on my original query?