I've got a front end firewall (Cisco PIX) and a back-end firewall (ISA 2006) I need to publish a web server to the internet. The webserver has no connection with the other servers and my management wants it to isolate it in a network which is seperated from the other servers.
I've found several scenario's which one is most recommended:
1: create a perimeter network on a dedicated interface on the PIX and create some access rules in it
2: create a perimeter network between the pix and the back-end isa server
3: create a perimeter network on a dedicated network interface on the ISA server and create some rule in both the pix and the ISA server