?
Solved

PIX Firewall 515E Config

Posted on 2004-08-29
2
Medium Priority
?
699 Views
Last Modified: 2013-11-16
Greetings to all The Experts,

ok I have two PIX firewalls 515E, and I am going to reconfigure them. in each one I have outsite port, inside port, and 4 eathernet ports, and a fail over connection.

I have three IP Address Schems 192.X.X.X (Inside) 208.X.X.X (Outside) 67.X.X.X (DMZ).

how can I use the DMZ without having to assign 67.X.X.X IP Address to server in the DMZ?

thanks all
0
Comment
Question by:mjalmassud
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 36

Accepted Solution

by:
grblades earned 900 total points
ID: 11929593
Hi mjalmassud,
I don't understand what you are asking. If the DMZ interface has a 67.x.x.x IP address then other servers in the DMZ have to have that same IP address range. You can configure NAT though to translate addresses from the outside IP address range through to the DMZ server.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 600 total points
ID: 11930829
grblades is correct. If we understand you correctly, you can use the 67.x.x.x addresses for static nat translations to private IP addresses of the servers in the DMZ, and 208.x.x.x addresses for the users on the inside

ip address dmz 192.168.122.1 255.255.255.0
ip address inside 192.168.102.1 255.255.255.0
ip address outside 208.x.x.x 255.255.255.248
global (outside) 1 208.x.x.x 208.x.x.x
global (outside) 1 208.x.x.x
global (outside) 2 67.x.x.x
global (dmz) 1 interface
nat (inside) 1 192.168.102.0 255.255.255.0
nat (dmz) 2 192.168.122.0 255.255.255.0
static (dmz,outside) 67.x.x.100 192.168.122.100 netmask 255.255.255.0
static (dmz,outside) 67.x.x.101 192.168.122.101 netmask 255.255.255.0

<etc>
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question