The implementation you are speaking of is quite common actually.
The hard part is your security requirements. A good starting point
is to list ALL traffic that will be required to reach your DMZ
(for example, HTTP, HTTPS, FTP, etc...). Once listed, you can
create your rules; it would be rather lengthy to list everything
here, so be sure to RTFM (see links below).
You might want to check out the following links for PIX information
(remember to watch the wrap)! The information can be readily found
on CCO.
Although the links shown here may be a bit dated (in terms of SW release),
it should give you a good understanding of the mechanics behind the
installation and configuration of the PIX.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/pix42cfg.htm
BTW - if you haven't, verify that you have a license that will allow
you to add another interface to the PIX.
HTH.
Michael Dingeldey CCDA, CCNP
Senior Network Engineer
Interactive Business Systems
Ph: (734) 542-9137
Fx: (734) 542-9149
-----Original Message-----
From: SH Wesson [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 23, 2000 5:27 PM
To: [EMAIL PROTECTED]
Subject: PIX w/ 3 Interfaces
Currently my PIX has two interfaces. I'm getting ready to add another
interface to my PIX to make it 3 interfaces to make a separate DMZ network.
My question is, when a user on the outside tries to access a server on on
the network on the inside (not dmz), is that doable. Also, I haven't been
able to find a full blown very very detailed sample config of a 3 interface
PIX configuration. If someone could share their 3 interface PIX
configuratin with me, I would greatly appreciate it.
Thanks.
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
