
PIX with 4 Port Card

Status
Not open for further replies.

3073

MIS
Feb 10, 2003
6
US
Hi,
We are currently running a Pix520 with a two-port card (inside/outside). We have a business partner router that is INSIDE our firewall, which is also the default gateway for our internal LAN users and runs one T1 to our remote site and another T1 to our business partner. I want to get a 4-port card and place the business partner router outside the firewall, so I will be utilizing 3 of the 4 interfaces on the quad card. I would like to know how I would secure my network so the business partners can access only a few services, and how NAT would work in this scenario. I hope I made the scenario clear here....
 
The setup I would use here:

Your ISP router on the outside interface as it currently is. PIX default route points to this router.

Move Business partner router to interface ethernet2, set the security level to 10.

You now set up an additional global statement for the name of this interface.

You can control which servers the business partners can access using static and access-list statements, probably in a similar manner to your current config?

However, consider this: do you really want your business partners to access servers on your inside network? I would recommend moving these servers to another DMZ port, with a security level of, say, 50. This way your inside users can have easy access to the servers, the business partner and the outside networks. But you can apply tight control to connections to the inside network started on any of the lower security level interfaces.

This isn't as bad to configure as it sounds!
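Routerman's layout written out as a PIX 6.x configuration fragment; this is an added example, not configuration posted in this thread. Interface names, the security levels 10 and 50, every address, the partner's remote network 10.50.0.0/16 and the two published ports are assumptions chosen for illustration.

```cisco
! Four-port card: outside (0), inside (100), partner router (10), DMZ servers (50)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 partner security10
nameif ethernet3 dmz security50
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.1.1.1 255.255.255.0
ip address partner 192.0.2.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
! Default route still points at the ISP router; partner networks via the partner router
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route partner 10.50.0.0 255.255.0.0 192.0.2.2 1
! One global per lower-security interface: inside/DMZ hosts are PATed to the
! interface address of whichever interface they leave through
global (outside) 1 interface
global (partner) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
! Publish the DMZ server to the partner side under a partner-subnet address;
! the ACL below references this mapped address
static (dmz,partner) 192.0.2.10 172.16.1.10 netmask 255.255.255.255 0 0
! Partner networks may start connections only to the published server on two ports;
! everything else from the low-security interface is dropped and logged
access-list partner_in permit tcp 10.50.0.0 255.255.0.0 host 192.0.2.10 eq 443
access-list partner_in permit tcp 10.50.0.0 255.255.0.0 host 192.0.2.10 eq 1433
access-list partner_in deny ip any any log
access-group partner_in in interface partner
```

Because nothing in the partner ACL names the inside network, partner-initiated traffic can reach only the DMZ server, while inside users still reach the DMZ, the partner and the Internet through the higher-to-lower security default.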

 
Thank you Routerman, it really makes sense and I configured it the same way you have mentioned but just needed a verification. I have changed the security level of the Business Partner port to 50 and kept the DMZ port at 30, since I have another remote site that is connected to that Business Partner Router via T1, so I need those users to connect to our LAN, so I only let my remote users start connections on that PORT via NAT/GLOBAL commands. I will roll it out this weekend and will see how it goes. Thank you again for your quick response.
Vikas
LAN/WAN Engineer
 