Pix firewall 515 with 3 interface

Status
Not open for further replies.

S3G

MIS
Jun 19, 2004
US
Hello everyone,

I know most of you are busy so I’m looking for a short answer.

I have a Pix 515 with 3 interfaces.

I would like to know if the following scenario is possible:

Interface0 outside (Internet/Router)
Interface1 DMZ (Public IP range)
Interface2 NAT (Private using PAT or NAT, whichever is better)

I know this pretty much turns the PIX into a mini router. But I’ve heard it's possible.

And to top all of this off I'd like to be able to VPN into the private network.

If this configuration is possible I will continue to search for the information that will guide me in configuring the Pix.

Thanks for the help, even if it's to take a sec and look at the subject line.

S3G.
 
Yes, it's quite normal. It doesn't really turn it into a mini-router; this is what it's designed for.
 
S3G,

From a design standpoint, it is always recommended to use a private IP range on your DMZ and then NAT to these hosts. The idea behind that is to hide your internal addressing information from anyone on the outside. In that case you would set up static NAT from one IP to another, or if you only have a single IP, set up port forwarding with static statements. If you wish to disable NAT from one area to another, use the "nat 0" command (aka identity NAT).

Best regards,
Ryan Lindfield
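
The layout discussed in this thread, sketched as an added example in PIX 6.x-style syntax (not a configuration posted by anyone in the thread). All addresses, the interface-to-name mapping, the ACL names `acl_out` and `nonat`, and the web server at 172.16.1.10 are assumptions; lines starting with `!` are annotations for the reader, not commands to paste.

```cisco
! Three interfaces: outside (lowest trust), dmz (middle), inside (highest).
nameif ethernet0 outside security0
nameif ethernet1 dmz security50
nameif ethernet2 inside security100

! Constructed addressing: documentation range outside, RFC 1918 behind the PIX.
ip address outside 203.0.113.2 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0

! Private network: PAT every inside host to the outside interface address.
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

! DMZ host with a private address: one-to-one static NAT to a public IP,
! so the real 172.16.1.x addressing is never visible from the outside.
static (dmz,outside) 203.0.113.10 172.16.1.10 netmask 255.255.255.255 0 0

! Alternative when only a single public IP exists: forward one port from
! the outside interface address instead of using the one-to-one static.
! static (dmz,outside) tcp interface www 172.16.1.10 www netmask 255.255.255.255 0 0

! A static alone admits nothing. Inbound traffic from a lower-security
! interface needs an explicit permit, kept as narrow as the service.
access-list acl_out permit tcp any host 203.0.113.10 eq www
access-group acl_out in interface outside

! "nat 0": skip translation for inside-to-dmz traffic only, so DMZ logs
! show real client addresses while inside-to-outside is still PATed.
access-list nonat permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list nonat
```

The security levels do the default filtering here: inside can initiate to dmz and outside, while nothing from dmz or outside reaches a higher-security interface without both a translation and an access-list permit.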
 