Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Proof of Concept on Network change

Status
Not open for further replies.
pachucos

pachucos

MIS
Nov 21, 2002
38
US
Ok I am kind of new to this. But I want to run this by some experts to see if I am right or if I am fundamentally incorrect.
I have 2 live networks to the internet on different IP ranges.
I just recently purchased 2 Pix 515 with failover and a 4 port card.
My network is currently live on the Internet. I would like to move it to a Private network, such as a 10.10.X.X network that is behind a firewall.
Here is the scenario.
I would setup the firewall to access the internet via one of the Live IP ranges.
Then I would like to keep the other Live IP range on the other port (such as the LAN port)
Then I would like to put all the workstations on a 10.10.221.x network connected to one of the ports from the 4 port card.
I would like to add all the servers to another port of that same card on a different address i.e. 10.10.220.x
Then I would like to create a DMZ on another port of that card that would support the Web servers (IIS, Apache, and OWA) and on network 10.10.222.x
And on the last port of the card I would like to create a test Server LAN on network 10.10.223.x

I am not sure if this is possible. Would the PIX act as a router? Or would I have to purchase other equipment. I would like to basically filter only necessary traffic to the servers. I also have to take into consideration that I have 2 outgoing trusts with our contractor’s networks.

Any and all comments and info would be very appreciated.
Since this is only a proof of concept I am open to some critique.
Thanks,
Tom
 
Sort by date Sort by votes
>I would like to add all the servers to another port of >that same card on a different address i.e. 10.10.220.x

I wouldn't seperate the network using a PIX. Use a switch and router to segment production servers from your workstations. Assuming that you want to follow a 20/80 rule the PIX would slow your network performace. If you are trying to segment the servers from the workstations due to security - well I'm sure there is a better way of accomplishing that.

Segmentaion should be left up to Layer 3 routers

Remember a PIX is not a router and try not to force it to become one :)

 
Upvote 0 Downvote
Thanks for an answer. I will look into trying to do this another route with a router.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

2
  • Locked
  • Question
Loss of my privacy
Replies
12
Views
784
Rick998
Rick998
Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
269
Sameer258
Sameer258
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
152
hairlessupportmonkey
hairlessupportmonkey
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
287
Johnkite
Johnkite
acabezas2014
  • Locked
  • Question
Configuring ASA for Network Segmentation
Replies
1
Views
134
acabezas2014
acabezas2014

Part and Inventory Search

Sponsor

Back
Top