LeonesIT
asked on
Perimeter network behind ISA or a tree leg front-end firewall
Ls,
I've got a front end firewall (Cisco PIX) and a back-end firewall (ISA 2006) I need to publish a web server to the internet. The webserver has no connection with the other servers and my management wants it to isolate it in a network which is seperated from the other servers.
I've found several scenario's which one is most recommended:
1: create a perimeter network on a dedicated interface on the PIX and create some access rules in it
2: create a perimeter network between the pix and the back-end isa server
3: create a perimeter network on a dedicated network interface on the ISA server and create some rule in both the pix and the ISA server
thanx
I've got a front end firewall (Cisco PIX) and a back-end firewall (ISA 2006) I need to publish a web server to the internet. The webserver has no connection with the other servers and my management wants it to isolate it in a network which is seperated from the other servers.
I've found several scenario's which one is most recommended:
1: create a perimeter network on a dedicated interface on the PIX and create some access rules in it
2: create a perimeter network between the pix and the back-end isa server
3: create a perimeter network on a dedicated network interface on the ISA server and create some rule in both the pix and the ISA server
thanx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.