Though some Cisco documentation says to put it in
parallel to the PIX, Cisco actually prefers three ways
and they all require you to go through the PIX.
One way is to have the public interface of the VPN to
be in the DMZ. This way the only traffic that hits the
VPN has been through the firewall already. The second
way is to have the private interface of the VPN to be
on the DMZ. This way unencrypted traffic is forced
through the PIX for inspection. The third and best way
is to have both the private and public interfaces be on
two different DMZs, so that both encrypted and
unencrypted traffic is forced through PIX inspection.
It's all a matter of how many interfaces you have for
DMZs.

Michael Le, CCIE #6811
--- Tom Richs  wrote:
> Can someone tell me if I have a PIX in place, where
> should I install my VPN 
> 3000 box (in front of the pix, behind the pix,
> parallel, in the dmz on the 
> pix, etc).  Also, I can't seem to find any
> documentation that has how to do 
> it or how to configure each component.  Any help
> especially with 
> configuration on both would be greatly appreciated. 
> Thanks.
> 
> Tom
> 






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15888&t=15653
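
A firewall-side sketch of the third design described in the reply above (VPN 3000 public and private interfaces on two separate PIX DMZs), added here as an example and not taken from the post or from Cisco documentation. It assumes PIX 6.x-style syntax and a four-interface PIX; the interface names, security levels and every address (192.0.2.0/24 as the public range, 10.10.10.0/24 as the VPN client pool) are constructed.

```cisco
: Constructed example: names, security levels and addresses are assumptions
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 vpnpub security40
nameif ethernet3 vpnpriv security60
ip address outside 192.0.2.1 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip address vpnpub 172.16.1.1 255.255.255.0
ip address vpnpriv 172.16.2.1 255.255.255.0
: Publish the concentrator's public interface (172.16.1.10) as 192.0.2.10
static (vpnpub,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255
: Encrypted leg: only IKE and ESP reach the concentrator from the Internet
access-list outside_in permit udp any host 192.0.2.10 eq isakmp
access-list outside_in permit esp any host 192.0.2.10
access-list outside_in deny ip any any
access-group outside_in in interface outside
: Decrypted leg: present the inside network unchanged to the vpnpriv DMZ
static (inside,vpnpriv) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
: Admit only the VPN client pool, and only the services remote users need
access-list vpnpriv_in permit tcp 10.10.10.0 255.255.255.0 10.1.1.0 255.255.255.0 eq www
access-list vpnpriv_in permit tcp 10.10.10.0 255.255.255.0 host 10.1.1.25 eq smtp
access-list vpnpriv_in deny ip any any
access-group vpnpriv_in in interface vpnpriv
: Return route to the client pool via the concentrator's private interface
route vpnpriv 10.10.10.0 255.255.255.0 172.16.2.10 1
```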