I wouldn't use FW feature set when you have a DMZ involved.
Just my 2cents but the config can get very complex for no reason. Stick
with the pix!
________________________________
From: Kidder, Roy [mailto:Roy.Kidder@safelite.com]
Sent: 13 September 2004 15:51
To: Anand Srivastava; firewalls@securityfocus.com
Subject: RE: PIX Setup with PAT
What is your Internet connection? If it's an Ethernet hand-off (ie cable
or dsl), you can eliminate the router if there's a provider-supplied
cable or dsl router.
If it's something else, you can consider using a Cisco router with the
firewall feature set instead of the current router. This would eliminate
the need for a PIX.
-----Original Message-----
From: Anand Srivastava [mailto:anand.srivastava@global.com.pg]
Sent: Friday, September 10, 2004 2:23 AM
To: firewalls@securityfocus.com
Subject: PIX Setup with PAT
Hi List,
I have got a new PIX 515E and that needs to be setup in following way
(pretty staright forward):
Internet ------- Router ------ PIX ------ LAN
|
DMZ
The problem is that we have only one Public IP assigned to router and
we are using address translation for the clients on inside network.
Is it worth running PIX (outside address) on private addressing scheme.
Can someone give me an idea how to do that in the best possible way..?
regards
Anand
*************************************************************
This message, including any attachments, may contain
confidential information intended for a specific individual
and purpose, and may be protected by law. If you are not
the intended recipient, please notify the sender by e-mail
or telephone immediately, and then immediately delete this
message. Any disclosure, copying or distribution of this
message, or the taking of any action based on it, by any
unintended recipient is strictly prohibited.
Checked by the Safelite e-mail scanner which may have
resulted in the attachments being modified or removed.
