Solved

PIX Firewall 515E Config

Posted on 2004-08-29
2
647 Views
Last Modified: 2013-11-16
Greetings to all The Experts,

ok I have two PIX firewalls 515E, and I am going to reconfigure them. in each one I have outsite port, inside port, and 4 eathernet ports, and a fail over connection.

I have three IP Address Schems 192.X.X.X (Inside) 208.X.X.X (Outside) 67.X.X.X (DMZ).

how can I use the DMZ without having to assign 67.X.X.X IP Address to server in the DMZ?

thanks all
0
Comment
Question by:mjalmassud
2 Comments
 
LVL 36

Accepted Solution

by:
grblades earned 300 total points
ID: 11929593
Hi mjalmassud,
I don't understand what you are asking. If the DMZ interface has a 67.x.x.x IP address then other servers in the DMZ have to have that same IP address range. You can configure NAT though to translate addresses from the outside IP address range through to the DMZ server.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 200 total points
ID: 11930829
grblades is correct. If we understand you correctly, you can use the 67.x.x.x addresses for static nat translations to private IP addresses of the servers in the DMZ, and 208.x.x.x addresses for the users on the inside

ip address dmz 192.168.122.1 255.255.255.0
ip address inside 192.168.102.1 255.255.255.0
ip address outside 208.x.x.x 255.255.255.248
global (outside) 1 208.x.x.x 208.x.x.x
global (outside) 1 208.x.x.x
global (outside) 2 67.x.x.x
global (dmz) 1 interface
nat (inside) 1 192.168.102.0 255.255.255.0
nat (dmz) 2 192.168.122.0 255.255.255.0
static (dmz,outside) 67.x.x.100 192.168.122.100 netmask 255.255.255.0
static (dmz,outside) 67.x.x.101 192.168.122.101 netmask 255.255.255.0

<etc>
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now