PIX initial setup

basmithmia

IS-IT--Management
May 1, 2003
1
US
Hi all,

I’m new to Cisco products so if I sound a little green, sorry. I have recently purchased a PIX 501 and would like some pointers in setting it up in the following configuration.

      DSL Router w/ 1 Static IP
                 |
                 |
            Pix Firewall
         |       |        |
         |       |        |
        DMZ Workstations Servers

(Router currently doing NAT and some port forwarding i.e. Terminal services, PC anywhere and
The DMZ would include a and a Terminal / VPN / Database Server. This is a B2B and we do Windows Authentication for users to log into the server. The will have an app that uses Cold Fusion to connect to the database server. The VPN and Terminal server has not been configured yet so I’m open to suggestions.

I have 13 client workstations that need to connect to the DMZ and the internet. Again I’m new to these products so if I haven’t given enough info let me know what else you need.

Thanks,
Bruce
 
What are you using for the DMZ? The 501 does not have a DMZ interface. You could do static NAT mappings.
 
Hi.

As mentioned above, the PIX 501 does not support DMZ.

> Router currently doing NAT ....

It is best to replace the router and let the PIX be the only device which does NAT. Placing the PIX behind another NAT device will cause problems.
Contact your ISP about this issue.
Two options are:
* Replace the router with a DSL modem, and let the PIX do PPPoE dialing.
* OR: Reconfigure the router to use public IP addresses only with simple routing and no NAT.

> This is a B2B

So if you're only going to accept inbound HTTP traffic from a known IP address, you should set up the access-list that way (to allow incoming traffic on port 80 only from the other party's known IP address/subnet).

Bye


Yizhar Hurwitz
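
The static mapping and source-restricted access-list suggested in the replies above could look like the following fragment. This is an added example, not configuration posted by anyone in the thread. It assumes PIX OS 6.x syntax with the PIX as the only NAT device; the inside server address 192.168.1.10, the partner subnet 203.0.113.0/24 and the ACL name outside_in are constructed placeholders, and lines starting with ! are annotations for the reader.

```cisco
! Constructed values (assumptions, not from the thread):
!   192.168.1.10    inside web server
!   203.0.113.0/24  B2B partner's public subnet
!   outside_in      ACL name

! Static port mapping: TCP/80 on the PIX outside address -> inside web server.
! "interface" reuses the single static IP assigned to the outside interface.
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255 0 0

! Too broad for a B2B service: any Internet host could reach port 80.
! (Shown commented out for comparison only.)
! access-list outside_in permit tcp any interface outside eq www

! Restricted: only the partner's subnet may reach port 80.
! Everything else is dropped by the implicit deny at the end of the ACL.
access-list outside_in permit tcp 203.0.113.0 255.255.255.0 interface outside eq www

! Bind the ACL to traffic arriving on the outside interface.
access-group outside_in in interface outside

! Verify: the hit counter (hitcnt) should rise only when the partner connects.
show access-list outside_in
```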
 