Multiple IP Network and PIX

[koboris]

I'm a newbie in PIX Cisco technology, I used FW1 Checkpoint product before ... but I have to change ...

I have 3 official range of public Addresses (Subnet of Class C). I have a lot of website. I had these Networks on same physical DMZ.

How can I setup my DMZ (with IP Network X,Y,Z) on a SAME PIX Network Interface ???

Thanks for help !!

 

[phima]

Hi,

If I understood your problem correctly, you'd like to connect your three IP networks on the same interface of your pix.

The PIX does not support multiple IP addresses on a single interface, so you'll have to make on of these choices :

- If your pix supports, add some ethernet interfaces to your pix, so that you have one subnet per DMZ (you seem not to want this kind of solution)

- Insert a router between your pix DMZ interface and your 3-subnet LAN (a dual ethernet router should be sufficient, as you can setup more than one IP per i/f on many routers).

- Change the IP addresses of all your web servers (in one subnet of private addresses), and define the real servers IP in the "static" directives.

Hope this helps,
Phil.

 

[err0neous]

I am having the same problem, with checkpoint I was able to have subinterfaces for my different dmz networks but now with the pix I cannot do that. It seems that the most reasonable solution here is to insert a router on the pix dmz interface. Can someone tell me in some greater detail just how I would be able to implement such a thing?

 

[err0neous]

Also, is it possible to use a router on a stick for this purpose?