PIX 501 and Multiple Subnets

[jdubbish]

I am currently setting up a Win2k3 server (SERV2) behind my PIX 501 firewall. I already have a 2k server (SERV1) and my current network on the 192.168.1.x subnet, and would like to setup our new server/network on 192.168.13.x.

The problem I'm running into is configuring SERV2 without it seeing any of my existing network components. Right now I've got SERV1 on ethernet1 of the firewall, and SERV2 on ethernet2. I'm curious if it's possible to allow this new server internet access using the same IP from my ISP. I'm not sure if the PIX support multiple internal internet connections, or if it simply serves as a switch on the internal network.

Any advice is appreciated.

 

[NetworkGhost]

Only if you have a routing device internal to your network. The 501 does not support VLANS or DMZs. If you dont want the second server to access your LAN I would suggest segmenting the access at the OS level.

Free Firewall/Network/Systems Support-

http://firewalls.ath.cx:8080

 

[jdubbish]

Alright, thanks for the confirmation. This is what I thought was the case.

I will looking into routing traffic through my 2K3 box to my 2K Subnet. Just gotta get time outside of production hours to do so.

Thanks again!

 

[teddyteddyteddy]

Hi, but if I already have a router in this situation, how to config the PIX?? the detail pls go to the thread "How to access another subnet via inside interface", thanks so much!

 

[NetworkGhost]

If it is setup like

(Internet Router) -- (Pix) -- (Choke Router) -- (LAN)

You can simply add a route to the pix pointing all traffic destined for 192.168.13.x to the choke router like so.

route inside 192.168.13.0 255.255.255.0 192.168.1.x <-- IP of the choke router. The choke router would then have to be connected to the 192.168.13.x network. You could control LAN access by placing ACLs on the router.

Free Firewall/Network/Systems Support-

http://firewalls.ath.cx:8080