01-20-2012 11:26 AM
I'm building a dual firewall solution for Exchange.
Currently, I also have people connecting VPN to the PIX 515E.
Internet ==vpn== 5505 == LAN
Looking to set up
PIX515E ==dmz== Edge server == ASA 5505 == LAN
In a setup like this, which device should I have people connect VPN to? The PIX will be the only device directly connected to the internet. Everything else will be NATed.
01-20-2012 12:11 PM
The PIX 515 for VPN, as you don't want to have a NATed VPN headend. Also, I am not sure why you want:
PIX515E ==dmz== Edge server == ASA 5505 == LAN
Rather than
Internet --------- ASA5505 == LAN
                      ||
                 DMZ servers
Manish
01-20-2012 12:52 PM
Most of the documentation I've been reading has suggested that
PIX515E ==dmz== Edge server == ASA 5505 == LAN
seems to be the best practices setup config for Exchange with an edge server.
http://www.netometer.com/blog/?p=70
http://msmvps.com/blogs/ehlo/archive/2007/08/16/1116308.aspx
01-20-2012 02:36 PM
Not sure about these blogs, but I have always seen firewalled networks with either an inside/outside or an inside/outside/DMZ configuration only (more often inside/outside/DMZ).
I think the inside (100)/outside (0)/DMZ (50) security setting would logically look like a two-firewall design, as lower-to-higher traffic will be scanned against firewall rules etc.
Manish
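Added example, not part of any post in this thread: a small Python model of how a PIX/ASA treats new connections between interfaces with the security levels quoted above (inside 100, DMZ 50, outside 0). The ACL entries, ports and sample flows are constructed assumptions for a single three-interface firewall with an Edge server in the DMZ.

```python
# Constructed model of ASA/PIX default inter-interface policy (illustrative only).
LEVELS = {"outside": 0, "dmz": 50, "inside": 100}  # levels quoted in the thread

# Hypothetical inbound ACLs, keyed by ingress interface. Each entry is
# (destination interface, protocol, port). No key = no ACL applied.
ACLS = {
    "outside": {("dmz", "tcp", 25)},  # Internet -> Edge server, SMTP
    "dmz": {("inside", "tcp", 25)},   # Edge server -> internal mail, SMTP
}


def decide(src, dst, proto, port, levels=LEVELS, acls=ACLS):
    """Return (allowed, reason) for a new connection entering on src toward dst."""
    if src == dst:
        raise ValueError("source and destination interface must differ")
    acl = acls.get(src)
    if acl is not None:
        # An applied ACL takes over: anything it does not permit hits the
        # implicit deny, including higher-to-lower traffic.
        if (dst, proto, port) in acl:
            return True, f"permitted by ACL on {src}"
        return False, f"implicit deny at end of ACL on {src}"
    if levels[src] > levels[dst]:
        return True, "implicit permit: higher to lower security level"
    if levels[src] == levels[dst]:
        return False, "same security level: denied by default"
    return False, "lower to higher security level with no ACL: denied"


def audit(flows, **kw):
    """Evaluate sample flows; returns a list of (flow, allowed, reason)."""
    return [(f, *decide(*f, **kw)) for f in flows]


SAMPLE_FLOWS = [  # constructed for this example
    ("outside", "dmz", "tcp", 25),     # inbound mail to the Edge server
    ("outside", "inside", "tcp", 25),  # Internet straight to the LAN
    ("dmz", "inside", "tcp", 25),      # Edge relays to internal mail
    ("dmz", "inside", "tcp", 445),     # Edge reaching for file shares
    ("inside", "dmz", "tcp", 50636),   # LAN to Edge, no ACL on inside
    ("dmz", "outside", "tcp", 25),     # Edge sending mail out
]

if __name__ == "__main__":
    for flow, allowed, reason in audit(SAMPLE_FLOWS):
        print(f"{'ALLOW' if allowed else 'DENY ':5} {flow} - {reason}")
```

The last sample flow is denied only because an ACL is applied on the DMZ interface; with no ACL there, DMZ to outside would pass on security level alone, so outbound mail from the Edge server needs its own permit entry once the DMZ ACL exists.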