|
Posted by John Dailey on September 27, 2006, 5:15 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Hello,
I'm having to configure a PIX 515e firewall that's on our network, but
know very little about networking. A 'show version' results in:
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(2)
We have a block of addresses that I would like to share between the DMZ
and Internal interfaces, with the PIX inspecting packets on the way.
Here's an example:
We're provided a network segment 1.2.3.128/255.255.255.128 with
1.2.3.129 as the gateway to the rest of the world.
I'd like to divvy up 1.2.3.130-254 between the internal and dmz, but it
seems like the best I can do is give 32 addresses to the dmz and 64 to
the internal, and then the other 32 are wasted on the outside interface.
I don't want to waste those extra addresses, but we want everything
behind the firewall.
Surely there's a way to do this? It seems like it should be a very
common scenario. The only vaguely workable solution I've found is to do
192.168.x.x networks on inside and dmz and then do static maps between
the addresses. But that is a configuration nightmare for us because DNS
is completely broken for our machines that need to access other of our
machines.
Any help is greatly appreciated.
-John Dailey
|
|
Posted by www.BradReese.Com on September 27, 2006, 5:50 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Hi John,
You may wish to investigate the Cisco PIX 515E Firewall Quick Start
Guide, Version 6.3 (PDF - 1 MB):
http://www.cisco.com/application/pdf/en/us/guest/products/ps4094/c1616/ccmigration_09186a00801dabbe.pdf
Found on Cisco PIX Documentation:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/tsd_products_support_series_home.html
Cisco PIX Device Manager Installation Guide, Version 3.0(1)
http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/products_installation_guide_book09186a008017a431.html
Found on Cisco PIX Device Manager Documentation:
http://www.cisco.com/en/US/products/sw/netmgtsw/ps2032/tsd_products_support_series_home.html
Hope this helps.
Brad Reese
BradReese.Com - Cisco Repair
http://www.bradreese.com/cisco-big-iron-repair.htm
1293 Hendersonville Road, Suite 17
Asheville, North Carolina USA 28803
USA & Canada: 877-549-2680
International: 828-277-7272
Fax: 775-254-3558
AIM: R2MGrant
BradReese.Com - Cisco Power Supply Headquarters
http://www.bradreese.com/cisco-power-supply-inventory.htm
|
| Similar Threads | Posted | | Configuring Firewall | April 30, 2005, 12:29 am |
| Configuring F-Secure Firewall Ports | December 23, 2004, 7:11 am |
| Newbie: Configuring openbsd firewall | April 3, 2005, 7:01 pm |
| Configuring firewall to allow remote administrator | October 25, 2005, 9:48 pm |
| Configuring F-Secure Firewall Ports for Bit Torrent | December 23, 2004, 7:13 am |
| Configuring a VPN client for a dlink dfl800 firewall | January 27, 2008, 11:32 am |
| Configuring DMZ | November 14, 2006, 5:02 pm |
| configuring IP range for zones | September 19, 2007, 3:26 pm |
| Configuring router for VPN passthrough | April 3, 2008, 3:31 pm |
| Configuring Visnetic for Apache 2.0.44 with a DSL connection | March 22, 2005, 5:06 pm |
|
|
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML site map