Re: PIX question...

well you can have private adresses on DMZ and inside of course....
you'll make your static between outside and dmz....
make a DMZ with public adresses it's a rich solution...
with the pix you'll can make static by port...

and new ios ( 7.0) permit ssl tunnel for your futur web secure server.


----- Original Message ----- 
From: "Merlijn Tishauser" <merlijn@begeleidingentraining.nl>
To: <firewalls@securityfocus.com>
Sent: Sunday, September 05, 2004 1:46 PM
Subject: PIX question...


> Hi All,
>
> The decision has been made.
> This wednesday I'll meet my Cisco PIX 515E.
>
> This weekend I spent my time reading through the manuals and googling.
> I'm learning with the minute.
>
> Two questions however remain.
>
> First: initial setup ( I mean right away from getting the PIX out of 
> the box).
> use PDM (of which i read and hear not very good stories) or log in 
> through the console?
>
> second...I get two /29 subnets with the co-lo.
>
> setup:
>
> router(provider) ---->  outside - PIX -  dmz ------------> en1 of 
> Xserve (https, http)
> |
> inside -----------------> en0 of Xserve (sshd, serveradmin, mysql)
>
> question...use the public ip's without nat for the inside,dmz and 
> Xserve interfaces? or use NAT, and private ip-addresses "after" the 
> PIX?
>
> i'm planning to set-up multiple HTTPS sites, and will need the public 
> ip-addrresses for that.
>
> Any advice is welcome
>
> Merlijn
>
> www.gargleblaster.org
> ------------------------------
> Bill Gates in 1994: " We don't believe in TCP/IP..."
> Bill Gates in 1995: " We've invented a new protocol, and named it 
> TCP/IP..."