The PIX is extremely versatile.
1. E-Mail Server
You can put your mail server on the inside but I would suggest putting a
smtp gateway on the DMZ. Have you MX record pointing to that device.
2. 1600 - PIX - ? - ISA
I'm not sure why you would want to put something between the PIX and the
Proxy server. You can do NAT at the PIX or the Proxy. You can set the
Proxy for Authentication or set up a Radius or TACAS+ server to let the PIX
do it. I would leave you configuration as it is with clients pointing to
the Proxy for Internet Access and the Proxy go through the PIX. By default
the PIX lets all trafic out. You can put an access list on the PIX and only
allow traffic out from the Proxy Server and possibly you mail server.
""Sammi"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello all,
>
> I'd like to setup a DMZ in the near future and am still pondering
> purchase of a PIX box.
> Our interface to the outside world is through a Cisco 1600.
>
> So the DMZ would go:
>
> 1600 -> PIX -> ? -> ISA box (microsoft proxy/firewall)
>
> I know I don't want the PIX talking directly to the ISA, but not too
> clear what I'm going to put in between, and why (functionality). Our
> webpages are hosted off site by a third party, I would want to keep my
> mail server inside right? I would like to set up VPN in the future,
> should it go through the box between the firewalls?
> The DMZ doesn't simply double the challenge does it? As in "ok, you
> got through one firewall, now try the next".
>
> Any enlightenment greatly appreciated.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=11009&t=10970
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
