Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

two pix506 firewall boxes????

Ok here's the question.

Our canadian counterparts are responsible for our vpn. We previously used (are still using) a gauntlet firewall.

however the new solution thats been sent over involves two pix506 boxes, one for the inside and one for the outside.

it doesnt work

I dont think there should be two boxes, there should be the one pix506 with a line to our internal network and a line to our router which contains the routing tables for our VPN etc.

Does this sound right or are the two boxes necessary?

any help is appreciated.


Cisco Employee

Re: two pix506 firewall boxes????

You can put two PIX at one site and have your DMZ in the middle of the two, some peole do this although it's not entirely necessary (although definately more secure if set up right).

To get your VPN working though, all you really need is one 506 at each site with the VPN configuration on them, the inside interface connects to your inside network/router, and your outside interface connects to your outside router/DSL/cable modem.

New Member

Re: two pix506 firewall boxes????

you could use two pixes, but you could do the job with one. one 506 could act as firewall and terminate the vpn clients also.