I recently got a 501 pix with 1 external connection plus 4 port switch. I have a DSL account with 4 public ip addresses. My network setup is DSL LINE>Cisco 2621 Router>PIX 501>Cisco 2900 switch. Im only use one public ip address for the cisco router, so i have three available ip's. I want to create a DMZ for my web and email servers. Can I create a DMZ with the 501 PIX? Can i use the internal ports on the PIX for my email and web servers which will have public ip's? Any info or configurations are welcome, thank you.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Could this be done
- Thread starter UNIX72
- Start date
HI.
No, the pix 501 has only 2 actual interfaces "outside" and "inside". The "inside" interface is the 4 port switch.
So you cannot designate one of these ports as DMZ.
Bye
Yizhar Hurwitz
No, the pix 501 has only 2 actual interfaces "outside" and "inside". The "inside" interface is the 4 port switch.
So you cannot designate one of these ports as DMZ.
Bye
Yizhar Hurwitz
Yizar is right again!! The PIX 506 only has one external interface and one internal interface! So a DMZ is out of the question!
What you really should do is NAT on the PIX and not on the router! If you have four available IP's then I would use them in the following way:
The router will have one IP address which should be the live routeable IP. We always give this to the ethernet interface and use IP unnumbered on the serial or dialer interface (ATM as well when we start ADSL soon!!)
The second address goes on the external interface of the PIX. The inside interface of the PIX uses a private range (192.168.x.y for example) and is subject to NAT.
The third and fourth IP addresses can then be used for the web and mail servers. You would assign the actual boxes private IP's on the local network but do a static translation for each box on the PIX.
static (inside, outside) out_IP internal_IP
Easy!!
Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
What you really should do is NAT on the PIX and not on the router! If you have four available IP's then I would use them in the following way:
The router will have one IP address which should be the live routeable IP. We always give this to the ethernet interface and use IP unnumbered on the serial or dialer interface (ATM as well when we start ADSL soon!!)
The second address goes on the external interface of the PIX. The inside interface of the PIX uses a private range (192.168.x.y for example) and is subject to NAT.
The third and fourth IP addresses can then be used for the web and mail servers. You would assign the actual boxes private IP's on the local network but do a static translation for each box on the PIX.
static (inside, outside) out_IP internal_IP
Easy!!
Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************
- Thread starter
- #4
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question