addressing between lan and internet

Hi All,

I currently have the setup below:

internet<-->router<-->pix<-->core switch<-->lan

In the above situation, the address on the inside int of the PIX is a private IP that also resides on my LAN. I will be moving to the following:

internet<-->router<-->pix<-->isa server<-->core switch<-->lan

My question is: between the PIX and the ISA server (being used as a web filter and secondary firewall), do I need to use an IP scheme like 192.168.60.0/30, assigning 192.168.60.1 to the inside int on the PIX and 192.168.60.2 to the outside int on the ISA? Do I do this to give the two interfaces their own "network" while also keeping them out of my local LAN addresses? Does anyone see an issue with this? Also, if I do this, do I need to do something comparable to:

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

in the Microsoft world on the inside int on the ISA server?

Is there an entirely different but better way to handle this?

TIA,

R

1 ACCEPTED SOLUTION

Re: addressing between lan and internet

G'day,

I'm not too familiar with ISA servers, but it would make sense to assume that it forwards traffic from one interface to another in the process of filtering it. Such being the case, I would say that you would need to assign two different networks on either side of the ISA.

You would need the following routes on the ISA server:

0.0.0.0/0.0.0.0 pointing to its PIX-facing interface

One route for each private network in your network, each of them pointing to its Core-switch-facing interface

Hope that helps - pls rate the post if it does.

Paresh

Re: addressing between lan and internet

You also might need to set up routing on the ISA server, I would presume.

Brandon
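
The addressing plan and ISA routes discussed in this thread, as an added example that is not part of any poster's reply: it checks that the 192.168.60.0/30 transit link stays clear of the LAN ranges and builds the route list from the accepted answer. The LAN subnets, the core-switch next hop, and all function names are assumptions made for illustration.

```python
import ipaddress as ip

# 192.168.60.x values come from the question; every other address is a
# constructed placeholder (the thread never gives the LAN subnets).
TRANSIT = ip.ip_network("192.168.60.0/30")        # PIX <-> ISA link
PIX_INSIDE = ip.ip_address("192.168.60.1")
ISA_OUTSIDE = ip.ip_address("192.168.60.2")
CORE_SWITCH = ip.ip_address("192.168.61.2")       # assumed ISA <-> core next hop
LAN_NETS = [ip.ip_network("10.10.1.0/24"), ip.ip_network("10.10.2.0/24")]


def check_plan(transit, pix, isa, lans):
    """Return a list of problems with the transit addressing (empty = OK)."""
    problems = []
    usable = set(transit.hosts())                 # excludes network/broadcast
    for name, addr in (("PIX inside", pix), ("ISA outside", isa)):
        if addr not in usable:
            problems.append(f"{name} {addr} is not a usable host in {transit}")
    if pix == isa:
        problems.append("PIX and ISA were given the same address")
    for lan in lans:
        if lan.overlaps(transit):
            problems.append(f"transit {transit} overlaps LAN {lan}")
    return problems


def isa_routes(pix, core, lans):
    """Default route toward the PIX, one route per private network to the core."""
    return [(ip.ip_network("0.0.0.0/0"), pix)] + [(lan, core) for lan in lans]


def next_hop(routes, dst):
    """Resolve dst by longest-prefix match, as a routing table would."""
    dst = ip.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]


if __name__ == "__main__":
    for problem in check_plan(TRANSIT, PIX_INSIDE, ISA_OUTSIDE, LAN_NETS):
        print("PROBLEM:", problem)
    for net, hop in isa_routes(PIX_INSIDE, CORE_SWITCH, LAN_NETS):
        print(f"{str(net):18} via {hop}")
```

If the ISA routes rather than NATs, the PIX also needs a route for each LAN subnet pointing at 192.168.60.2.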
