Solved

PIX Firewall 515E Config

Posted on 2004-08-29
2
697 Views
Last Modified: 2013-11-16
Greetings to all The Experts,

ok I have two PIX firewalls 515E, and I am going to reconfigure them. in each one I have outsite port, inside port, and 4 eathernet ports, and a fail over connection.

I have three IP Address Schems 192.X.X.X (Inside) 208.X.X.X (Outside) 67.X.X.X (DMZ).

how can I use the DMZ without having to assign 67.X.X.X IP Address to server in the DMZ?

thanks all
0
Comment
Question by:mjalmassud
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 36

Accepted Solution

by:
grblades earned 300 total points
ID: 11929593
Hi mjalmassud,
I don't understand what you are asking. If the DMZ interface has a 67.x.x.x IP address then other servers in the DMZ have to have that same IP address range. You can configure NAT though to translate addresses from the outside IP address range through to the DMZ server.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 200 total points
ID: 11930829
grblades is correct. If we understand you correctly, you can use the 67.x.x.x addresses for static nat translations to private IP addresses of the servers in the DMZ, and 208.x.x.x addresses for the users on the inside

ip address dmz 192.168.122.1 255.255.255.0
ip address inside 192.168.102.1 255.255.255.0
ip address outside 208.x.x.x 255.255.255.248
global (outside) 1 208.x.x.x 208.x.x.x
global (outside) 1 208.x.x.x
global (outside) 2 67.x.x.x
global (dmz) 1 interface
nat (inside) 1 192.168.102.0 255.255.255.0
nat (dmz) 2 192.168.122.0 255.255.255.0
static (dmz,outside) 67.x.x.100 192.168.122.100 netmask 255.255.255.0
static (dmz,outside) 67.x.x.101 192.168.122.101 netmask 255.255.255.0

<etc>
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question