alimohammed72 asked on

PIX behind the PIX

I have two PIX firewalls. PIX-2 is behind PIX-1.
1. PIX-1 has three interfaces, namely outside (142.77.1.1), DMZ (172.16.1.1) and FTP (143.77.1.1).
2. PIX-2 has three interfaces, namely inside (192.168.9.1), DMZ (172.16.1.2) and outside (142.77.1.2).

I would like the 192.168.9.2 machine from the inside network to reach 143.77.1.1 via 172.16.1.1. What are the things I need to do to get this working? Please highlight all the best options. Thanks in advance!

Last Comment
alimohammed72

8/22/2022 - Mon
tfowles

If it is just the one machine that you want to hit the FTP segment, you might just want to put a static persistent route on the machine directing it to PIX-2 for that prefix or host.  This assumes that once the packet hits PIX-2, PIX-2 will route it to PIX-1.

Another option would be to NAT the FTP segment to the inside non-routable address space (192.168.9.x).
ASKER
alimohammed72

I have about 5 machines. Can I put static routes on PIX-1 as "route DMZ 143.77.1.1 255.255.255.255 172.16.1.1", and put an access list on PIX-1 as "access-list inside permit tcp host 192.168.9.2 host 143.77.1.1"? Please advise.

As for NAT, the FTP and inside address spaces are on different PIXes. How does it work? Please give me an example.

Thanks
ASKER CERTIFIED SOLUTION
Voltz-dk

ASKER
alimohammed72

I will try this recommendation.