Hey Johnny,
I think what you're trying to do is this:
            eth0     eth2
    internet-----PIX-----LAN PRIVATE
                  |
                 eth1
                  |
        Server cache (PROXY SERVER)
This requires your clients to configure the proxy server
in their browser if they want access to the cache. Also,
the proxy server is at a lower security level than the private
LAN - so in my mind you would want that to be eth1 rather
than eth2. You would set the security level of each interface
in the PIX to reflect the fact that eth0 is untrusted, eth1 is
only somewhat trusted and eth2 is trusted. In managing your cache
machine you should assume that it is "untrusted" (from the perspective
of the private LAN) and only allow specific traffic to and from
the cache box (port 80, 443, whatever you must have).
This does not require port redirection. It happens in the client.
Good luck,
Rich
> Date: Thu, 10 May 2001 10:25:41 -0500
> From: johnny gonzalez <[EMAIL PROTECTED]>
> Subject: redirect ports with pix 525
>
> Hi.
> I have pix firewall 525 cisco with 4 interfaces ethernet.
> first ethernet to internet
> second ethernet to LAN private
>
> The gateway for my clients is the ip of the pix (LAN private), I need one
> cache server for fast access to internet but cisco pix 525 permit redirect to
> ports a server cache??
>
> Example.
>
>
> Any request for clients with port 80 redirect to Server cache.
>
> Is it possible?
>
>
> Thanks.
>
>
> - --
> Johnny Gonzalez Dominguez
> Administracion HeadEnd Internet
> ------------------------------
>
> Date: Thu, 10 May 2001 13:04:21 -0700
> From: Carson Gaspar <[EMAIL PROTECTED]>
> Subject: Re: redirect ports with pix 525
>
> The pix does not currently support port redirection (as of 5.3(1)).
>
> - --
> Carson Gaspar - [EMAIL PROTECTED]
> Queen trapped in a butch body
> - -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
> ------------------------------
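Added example, not part of the original thread: a PIX-style configuration sketch of the three-interface layout Rich describes, with the cache on eth1 at a middle security level and only specific traffic allowed to and from it. All addresses, the interface name "dmz", the ACL names, the proxy listening port 3128 and the DNS rule are assumptions chosen for illustration.

```cisco
: Constructed example. Addresses, names and port 3128 are assumptions.
: eth0 untrusted, eth1 somewhat trusted (cache), eth2 trusted (private LAN)
nameif ethernet0 outside security0
nameif ethernet1 dmz security50
nameif ethernet2 inside security100

ip address outside 192.0.2.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0

: Translations: LAN clients are translated toward both lower-level
: interfaces; the cache (172.16.1.10) is translated toward the internet.
nat (inside) 1 10.0.0.0 255.255.255.0
nat (dmz) 1 172.16.1.10 255.255.255.255
global (outside) 1 192.0.2.10
global (dmz) 1 172.16.1.100-172.16.1.199

: LAN -> cache: only the proxy port. Everything else toward the cache
: segment is dropped; other outbound traffic is left as it was.
access-list inside_in permit tcp 10.0.0.0 255.255.255.0 host 172.16.1.10 eq 3128
access-list inside_in deny ip 10.0.0.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list inside_in permit ip 10.0.0.0 255.255.255.0 any
access-group inside_in in interface inside

: Cache -> anywhere: nothing toward the private LAN, then only what the
: proxy must have (80, 443; DNS is an assumed extra requirement).
access-list dmz_in deny ip any 10.0.0.0 255.255.255.0
access-list dmz_in permit tcp host 172.16.1.10 any eq 80
access-list dmz_in permit tcp host 172.16.1.10 any eq 443
access-list dmz_in permit udp host 172.16.1.10 any eq 53
access-group dmz_in in interface dmz
```

No static or inbound rule is defined for the cache, so neither the internet nor the cache segment can open connections into the private LAN; clients reach the cache only because their browsers are configured to use 172.16.1.10:3128 as a proxy.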