Is it possible to set up a second DMZ?

I just received another block of IP addresses to put on our DMZ and I'm not sure how to do that? I'm almost through the CCNA book though :)!

Can anyone help? I would like to do it through the PDM if possible. I was looking, trying to figure it out, and thought it should go in the Hosts/Networks tab, but I'm not sure where to add it?

Any help is much appreciated!  

Thank you!
cas_three asked:

lrmoore commented:
It sort of depends on how this block of IPs is being routed to you.
The router provided by the ISP is the key. Is the ISP routing this block to the router, or directly to your PIX IP?
Are you using public IP's on your DMZ, or using static NAT mapping private/public for the DMZ?
And you want to add a Linux box to the same DMZ interface, but on a different subnet?
I could be more help if I saw the PIX config (mask enough of your public IP to be safe, but not so much that we can't tell the uniqueness).

Keith Alabaster (Enterprise Architect) commented:
What is your firewall and IOS version? How many ports does it have?

lrmoore commented:
>I would like to do through the PDM if possible.
Sounds like a PIX. As Keith suggested, please post details of which PIX model and what version OS it's running.
Generally, you simply need to confirm with the ISP that this new block of IP addresses will be routed to your current public IP address.
Once this block of IPs is routed to you, you simply create new static xlates or global pools on the PIX.
If these are simply additional IPs that are in the same IP subnet as your outside interface, then you just create new static xlates, or add these IPs to the global xlate pool.
For what purpose did you order these additional IP addresses?
Do you have a router out in front of the PIX, or how does your WAN access come in? Is it DSL, T1, or what?
cas_three (Author) commented:
I'm sorry for not giving the equipment and version.  It is a Cisco PIX 515E, version 6.3(4).

This block of IPs is being routed to us. They are not on the same subnet as the other block of IPs on our DMZ interface.

We are putting a Linux box on our DMZ; that was the purpose of getting additional IPs.

We have a router that was provided by our ISP; it's a bonded copper line.

I hope this helps!

Thank you!

paul1gilbert commented:
If you just received a new IP block, you can create static translations between the DMZ and the outside, and you can translate the traffic from the outside to the server on the DMZ. If you prefer to assign the public IPs to servers on the DMZ and still be able to reach them from the outside using those IPs, then you can create a self translation for the subnet, for example:
static (dmz,outside) 64.16.29.0 64.16.29.0 netmask 255.255.255.248
then you create the access lists to allow the traffic to the servers and apply them on the outside.

If you want to use private IPs on the DMZ, then the mapping will be from public to private.

Let me know if this is clear.
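A PIX 6.3 configuration fragment for the second option paul1gilbert describes (private addresses on the DMZ with a public-to-private static), added here as an illustration rather than taken from the thread. The 64.16.29.0/29 block is the example subnet from the post; the interface names, the private DMZ subnet and host address, and the permitted services are assumptions.

```cisco
! Added example, not from the thread. Assumed: the ISP routes 64.16.29.0/29 to the
! PIX outside address, the DMZ interface is named "dmz", and the Linux host sits on
! a private DMZ subnet (192.168.50.0/24). Keeping the DMZ private means no second
! subnet is needed on the DMZ interface; the new public block exists only as xlates.

! Assumed DMZ interface addressing (already in place on an existing DMZ)
ip address dmz 192.168.50.1 255.255.255.0

! Map one public address from the new block to the Linux host (assumed 192.168.50.10).
! A static is bidirectional: inbound connections to 64.16.29.2 reach the host, and the
! host's outbound traffic leaves with 64.16.29.2 as its source.
static (dmz,outside) 64.16.29.2 192.168.50.10 netmask 255.255.255.255 0 0

! On PIX 6.3 the outside access-list matches the mapped (public) address.
! Expose only the services the host actually serves; deny and log everything else.
access-list outside_in permit tcp any host 64.16.29.2 eq www
access-list outside_in permit tcp any host 64.16.29.2 eq https
access-list outside_in deny ip any any log
access-group outside_in in interface outside

! Verify: show static, show xlate, show access-list outside_in
```

As lrmoore noted, the only ISP-side requirement is that the /29 be routed to the PIX outside address; once the static exists the PIX accepts traffic for 64.16.29.2 on that interface.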

cas_three (Author) commented:
Called Cisco and this is not possible since.

lrmoore commented:
With enough information anything is possible. Asker did not provide enough information.
Cisco TAC looks at a problem from a very narrow viewpoint.

Delete is fine with me.