Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PIX ROUTE

from [Stuart SP Powney NONLILLY] Network Security [Permanent Link]
Subject: Re: PIX ROUTE
Date: Thu, 17 Feb 2005 09:11:17 +0000 
I would suggest option2.  The PIX firewall is not ideal for routing 
between internal subnets all reachable from a single interface.  By 
selecting the internal router as a gateway for your clients you also 
maintain more internal routing flexibility.  You can create a default 
route on the internal router pointing to the PIX eth1 interface and if 
required tell the router to advertise this default route throughout your 
internal routing domain.

HTH
Stuart





Hesperia DOS-IT Security <itsecurity@hoteles-hesperia.es>
16/02/2005 11:23

 
        To:     firewalls@securityfocus.com
        cc: 
        Subject:        PIX ROUTE


Hi, I am about to make a big change in my network. I will describe the
scenario both scenarios. I have a Cisco PIX 515 connected to a switch 
(using
eth1). The same switch is connected to a router. The router connects me to
WAN, where I have some servers and users. The PIX connects me to Internet
using eth0. The hosts (users computers) have the pix IP (eth1) as the
gateway, because most of the traffic is www. Is it possible to static 
route
WAN connections (coming from eth1), using the same interface (eth1) [see
option1.jpg] ? Is it better to connect the router to the pix (eth2) and 
put
as a gateway the router [see option1.jpg]? Thanks.


Eduardo Di Monte

Attachment: option1.jpg
Description: JPEG image

Attachment: option2.jpg
Description: JPEG image

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: PIX ROUTE, Fetch, Brandon
Next by Date:  RE: firewall suggestion, tom . farrar
Previous by Thread:  RE: PIX ROUTE, Fetch, Brandon
Next by Thread:  NAT vs PMTUd, Dan Lynch
Indexes:  [Date] [Thread] [Top] [All Lists]