Brian wrote:
> Terminology confusion. [...] "Private Link" [is] for IPSec VPNs [...]
Okay, I'll stop calling it a private link -- how about a "private,
dedicated, non-Internet connection to corporate" (pdnIc2c)? :)
> can pass traffic from higher to lower security levels. The return traffic
> is allowed back in. In your case you just needed to tell the PIX the route
> between networks.
>
> To pass traffic from lower to higher security levels you need an access
> list (or a good old conduit) and a route.
Well, this is close to the right track, but... The corporate traffic
doesn't need to pass through the PIX. I need to have the PIX pass all
the corporate traffic (from the inside interface) to the private network
router (also on the inside interface) but all other traffic heads out
the PIX's outside interface. (Feeble attempt at picture below)
I guess my question boils down to this: Can the PIX accept a packet
from the inside interface and pass it back out the same interface?
If not, all my internal machines will need to individually set a
route-to-corporate.

            (Internet)
                 |
             Cisco2501
                 |
                PIX
                 |
(SunHost---PC---PC---PC---Mac---Cisco2600)
                                    |
                          (CorporateWebServer)

--
Brad Parks, Unix Guy
bparks at flexstornet dot com