Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
283
Views
0
Helpful
2
Replies

addressing between lan and internet

Go to solution
rhltechie
Level 1
Level 1

‎03-14-2006 01:56 PM - edited ‎03-03-2019 12:03 PM

Hi All,

I currently have the setup below:

internet<-->router<-->pix<-->core switch<-->lan

in the above situation, the address on the inside int of the pix is a private ip that also resides on my lan. I will be moving to the following:

internet<-->router<-->pix<-->isa server<-->core switch<-->lan

My question being between the pix and the isa server (being used as a web filter and secondary firewall) do I need to use an ip scheme like 192.168.60.0/30? assigning 192.168.60.1 to the inside int on the pix and 192.168.60.2 to the outside int on the isa? Do I do this to give the two interfaces their own "network" and also keeping them out of my local lan addresses. does anyone see an issue with this? also if i do this, do I need to do something comparable to:

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

in the microsoft world on the inside int on the isa server?

is there an entirely different but better way to handle this?

TIA,

R

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pkhatri
Level 11
Level 11

‎03-14-2006 02:39 PM

G'day,

I'm not too familiar with ISA servers but if it would make sense to assume that it forwards traffic from one interface to another in the process of filtering it. Such being the case, I would say that you would need to assign two different networks on either side of the ISA.

You would need the following routes on the ISA server:

0.0.0.0/0.0.0.0 pointing to its PIX-facing interface

One route for each private network in your network, each of them pointing to it's Core-switch facing interface

Hope that helps - pls rate the post if it does.

Paresh

View solution in original post

0 Helpful
2 Replies 2

Go to solution
pkhatri
Level 11
Level 11

‎03-14-2006 02:39 PM

G'day,

I'm not too familiar with ISA servers but if it would make sense to assume that it forwards traffic from one interface to another in the process of filtering it. Such being the case, I would say that you would need to assign two different networks on either side of the ISA.

You would need the following routes on the ISA server:

0.0.0.0/0.0.0.0 pointing to its PIX-facing interface

One route for each private network in your network, each of them pointing to it's Core-switch facing interface

Hope that helps - pls rate the post if it does.

Paresh

0 Helpful

Go to solution
smebbin
Level 1
Level 1
In response to pkhatri

‎03-17-2006 09:58 AM

You also might need to setup routing on the ISA server I would presume.

Brandon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card