<div>
<div class="content wysiwyg-content">
Ls,<br />
I've got a front end firewall (Cisco PIX) &nbsp;and a back-end firewall (ISA 2006) I need to publish a web server to the internet. The webserver has no connection with the other servers and my management wants it to isolate it in a network which is seperated from the other servers.<br />
I've found several scenario's which one is most recommended:<br />
1: create a perimeter network on a dedicated interface on the PIX and create some access rules in it<br />
2: create a perimeter network between the pix and the back-end isa server<br />
3: create a perimeter network on a dedicated network interface on the ISA server and create some rule in both the pix and the ISA server<br />
<br />
thanx
</div>
</div>


Ls,
I've got a front end firewall (Cisco PIX)  and a back-end firewall (ISA 2006) I need to publish a web server to the internet. The webserver has no connection with the other servers and my management wants it to isolate it in a network which is seperated from the other servers.
I've found several scenario's which one is most recommended:
1: create a perimeter network on a dedicated interface on the PIX and create some access rules in it
2: create a perimeter network between the pix and the back-end isa server
3: create a perimeter network on a dedicated network interface on the ISA server and create some rule in both the pix and the ISA server

thanx

Perimeter network behind ISA or a tree leg front-end firewall

Microsoft Forefront, formerly known as Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache that runs on Windows servers. It includes identity management and protection systems, and discontinued systems for threat management and network protection, along with protection for Sharepoint and Exchange. The scope of discussions includes forward and reverse proxy, application and service publishing, virtual private networks (VPNs), outbound access rules, SSL certificates and network routing within either a single node or an highly-available array pairing.

Microsoft Forefront ISA Server

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.