03-14-2006 01:56 PM - edited 03-03-2019 12:03 PM
Hi All,
I currently have the setup below:
internet<-->router<-->pix<-->core switch<-->lan
In the above situation, the address on the inside int of the PIX is a private IP that also resides on my LAN. I will be moving to the following:
internet<-->router<-->pix<-->isa server<-->core switch<-->lan
My question: between the PIX and the ISA server (being used as a web filter and secondary firewall), do I need to use an IP scheme like 192.168.60.0/30, assigning 192.168.60.1 to the inside int on the PIX and 192.168.60.2 to the outside int on the ISA? Do I do this to give the two interfaces their own "network" while also keeping them out of my local LAN addresses? Does anyone see an issue with this? Also, if I do this, do I need to do something comparable to:
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
in the Microsoft world on the inside int on the ISA server?
Is there an entirely different but better way to handle this?
TIA,
R
03-14-2006 02:39 PM
G'day,
I'm not too familiar with ISA servers, but it would make sense to assume that it forwards traffic from one interface to another in the process of filtering it. Such being the case, I would say that you would need to assign two different networks on either side of the ISA.
You would need the following routes on the ISA server:
0.0.0.0/0.0.0.0 pointing to its PIX-facing interface
One route for each private network in your network, each of them pointing to its Core-switch-facing interface
Hope that helps - pls rate the post if it does.
Paresh
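Added example, not posted by anyone in this thread: a Python sketch that checks the proposed 192.168.60.0/30 transit link against the LAN prefixes and builds the ISA route table described in the reply above, then resolves sample destinations by longest-prefix match. The LAN prefixes (10.20.0.0/16, 10.30.0.0/16) and the core switch next hop (10.10.0.1) are assumed values; the thread does not give them.

```python
import ipaddress

# Transit link between the PIX inside and ISA outside interfaces (from the question).
TRANSIT = ipaddress.ip_network("192.168.60.0/30")
PIX_INSIDE = ipaddress.ip_address("192.168.60.1")
ISA_OUTSIDE = ipaddress.ip_address("192.168.60.2")

# Assumed values, not in the thread: LAN prefixes behind the core switch and
# the core switch address on the ISA's inside segment.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "10.30.0.0/16")]
CORE_SWITCH = ipaddress.ip_address("10.10.0.1")


def check_transit(transit, ends, lan_nets):
    """Return a list of design problems; an empty list means the link is sound."""
    problems = []
    usable = set(transit.hosts())  # excludes network and broadcast addresses
    for ip in ends:
        if ip not in usable:
            problems.append(f"{ip} is not a usable host in {transit}")
    for lan in lan_nets:
        if transit.overlaps(lan):
            problems.append(f"{transit} overlaps LAN prefix {lan}")
    return problems


def isa_routes(pix_inside, core_next_hop, lan_nets):
    """Default route toward the PIX, one route per LAN prefix toward the core."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), pix_inside, "pix-facing")]
    routes += [(lan, core_next_hop, "core-facing") for lan in lan_nets]
    return routes


def lookup(routes, dst):
    """Longest-prefix match, as the ISA host's IP stack would select a route."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


if __name__ == "__main__":
    print(check_transit(TRANSIT, [PIX_INSIDE, ISA_OUTSIDE], LAN_NETS) or "transit OK")
    table = isa_routes(PIX_INSIDE, CORE_SWITCH, LAN_NETS)
    for dst in ("10.20.1.5", "198.51.100.7"):  # constructed sample destinations
        net, hop, iface = lookup(table, dst)
        print(f"{dst:>15} -> {net} via {hop} ({iface})")
```

If the transit prefix were carved out of a range the LAN already uses, `check_transit` would report the overlap, which is the condition the question asks about when it mentions keeping the link out of the local LAN addresses.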
03-17-2006 09:58 AM
You also might need to set up routing on the ISA server, I would presume.
Brandon