PIX w/ 3 Interfaces
Currently my PIX has two interfaces. I'm getting ready to add another interface to my PIX to make it 3 interfaces to make a separate DMZ network. My question is, when a user on the outside tries to access a server on on the network on the inside (not dmz), is that doable. Also, I haven't been able to find a full blown very very detailed sample config of a 3 interface PIX configuration. If someone could share their 3 interface PIX configuratin with me, I would greatly appreciate it. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX w/ 3 Interfaces
Yup, you simply have to setup the static commands between the outside and the inside interfaces and conduit statements for the particular ports and host. Don Gardner Network Analyst CH2M HILL -Original Message- From: SH Wesson [mailto:[EMAIL PROTECTED]] Sent: October 23, 2000 3:27 PM To: [EMAIL PROTECTED] Subject: PIX w/ 3 Interfaces Currently my PIX has two interfaces. I'm getting ready to add another interface to my PIX to make it 3 interfaces to make a separate DMZ network. My question is, when a user on the outside tries to access a server on on the network on the inside (not dmz), is that doable. Also, I haven't been able to find a full blown very very detailed sample config of a 3 interface PIX configuration. If someone could share their 3 interface PIX configuratin with me, I would greatly appreciate it. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX w/ 3 Interfaces
The cisco documentation has a few examples! Try this one. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/exa mples.htm#xtocid274895 Vern Stitt ASE, CCA, CCNA, MCSE _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: PIX w/ 3 Interfaces
Title: RE: PIX w/ 3 Interfaces The implementation you are speaking of is quite common actually. The hard part is your security requirements. A good starting point is to list ALL traffic that will be required to reach your DMZ (for example, HTTP, HTTPS, FTP, etc...). Once listed, you can create your rules; it would be rather lengthy to list everything here, so be sure to RTFM (see links below). You might want to check out the following links for PIX information (remember to watch the wrap)! The information can be readily found on CCO. Although the links shown here may be a bit dated (in terms of SW release), it should give you a good understanding of the mechanics behind the installation and configuration of the PIX. http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/ http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/pix42cfg.htm BTW - if you haven't, verify that you have a license that will allow you to add another interface to the PIX. HTH. Michael Dingeldey CCDA, CCNP Senior Network Engineer Interactive Business Systems Ph: (734) 542-9137 Fx: (734) 542-9149 -Original Message- From: SH Wesson [mailto:[EMAIL PROTECTED]] Sent: Monday, October 23, 2000 5:27 PM To: [EMAIL PROTECTED] Subject: PIX w/ 3 Interfaces Currently my PIX has two interfaces. I'm getting ready to add another interface to my PIX to make it 3 interfaces to make a separate DMZ network. My question is, when a user on the outside tries to access a server on on the network on the inside (not dmz), is that doable. Also, I haven't been able to find a full blown very very detailed sample config of a 3 interface PIX configuration. If someone could share their 3 interface PIX configuratin with me, I would greatly appreciate it. Thanks. _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
