Avatar of alimohammed72
alimohammed72 asked on

pix behind the pix

I have two PIX firewalls.PIX-2 is  behind  PIX-1.
1. PIX-1 has three interfaces namely outside(,DMZ( and FTP(  
2..PIX-2 has three interfaces namely inside(,DMZ( and outside(

I like machine from inside network to reach via are the things I need to do to ge this working.Please highlight all the best options.Thanks in Advance!
Software FirewallsCiscoHardware Firewalls

Avatar of undefined
Last Comment

8/22/2022 - Mon

If it is just the one machine that you want to hit the FTP segment, you might just want to put a static persistent route on the machine directing it to PIX-2 for that prefix or host.  This assumes that once the packet hits PIX-2, PIX-2 will route it to PIX-1.

Another option would be to NAT the FTP segment to the inside non-routable address space (192.168.9.x).

I have about 5 machines.Can I put static routes on PIX-1 as "route DMZ" ?and put an accesslist on PIX-1 as "acess-list inside permit tcp host host" ?Please advise.

As for NAT,FTP and Inside address spaces are on different PIXes.How does it work ?Please give me an example.


Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

i will try this recommendation
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck