I faced the same problem when I introduced my PIX. What you do is bind the
IP address that you use on the outside interface to the DMZ interface as
well. Then you create a static between the same IP address on the outside and
the DMZ. Set up your conduit rules for the IP address. Just slip the PIX in
between your servers and the internet. Voilà. Downtime is about as long as
it takes to move the cables around. It seems a little bizarre but it works.

-----Original Message-----
From: Neil H. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 1:38 PM
To: [EMAIL PROTECTED]; Jay Christopherson
Subject: Re: Passing Traffic Through a PIX
I realize I am defeating the purpose of the firewall but I want to get
traffic going through it then lock it down. I host thousands of websites
that each have their own ip address so I need those ips to pass on, and not
renumber them all to an internal ip.
Hope that makes sense.
Thanks,
Neil
----- Original Message -----
From: "Jay Christopherson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 20, 2001 3:19 PM
Subject: Re: Passing Traffic Through a PIX
>
> Neil-
>
> What exactly are you trying to do? Are the servers behind your PIX
> going to all have publicly available IP's? Why wouldn't you have
> internal IP's and just NAT them?
>
> Are you looking for a config? I mean, once you have all the system
> configs (interface IP's, security zones, failover ip's (if any),
> etc...) setup, you can basically create ACL's that say:
>
> access-list acl_open permit ip any any
>
> and that will allow all traffic through your firewall, but then you
> are utterly defeating the purpose of a firewall...
>
> - Jay
>
> > Message: 10
> > From: "Neil H." <[EMAIL PROTECTED]>
> > To: "Kent Hundley" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Subject: Re: Passing Traffic through a Pix
> > Date: Thu, 20 Sep 2001 13:20:19 -0400
> >
> > Their site shows the scenario that your servers all have internal
> > IP addresses and you want to pass traffic into those. That isn't
> > really what I am doing so that is why I am asking.
> >
> > Thanks,
> >
> > Neil
> >
> > ----- Original Message -----
> > From: "Kent Hundley" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Thursday, September 20, 2001 4:06 PM
> > Subject: RE: Passing Traffic through a Pix
> >
> >
> > > Neil,
> > >
> > > Have you tried looking at the PIX docs on the Cisco web site?
> > > They do a decent job of going through setting up a PIX for simple
> > > environments like the kind you're talking about. I would start there
> > > first and see if it gives you what you need. You can also do a search
> > > on Cisco's site for 'security technical tips' and that will lead you
> > > to a lot of PIX configs.
> > >
> > > HTH,
> > > Kent
> > >
> >
> > > ----------------------------------------------------------------------
> > > Could someone please help me to put a PIX on my network and pass normal
> > > traffic through it. I want to use no filters at this point. I also want
> > > all the addresses on the server to be available on the other side
> > > (outside) of the pix.
> > > Thanks,
> > > Neil
> > >
> > >
> >
> >
> >
> > --__--__--
> >
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > http://lists.gnac.net/mailman/listinfo/firewalls
> >
> >
> > End of Firewalls Digest
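
An added example, not a configuration posted by anyone in this thread: one way the "get traffic through, then lock it down" sequence could look in PIX 6.x-style syntax while keeping the servers' public addresses. The block 203.0.113.0/24, the interface names and the ACL name acl_web are assumptions; lines starting with ":" are comments.

```cisco
: Constructed example. 203.0.113.0/24 stands in for the hosted public block.
: Assumes the servers sit on the inside interface and the upstream router
: routes 203.0.113.0/24 to the PIX outside address.

: Keep the public addresses: translate the block to itself (identity static),
: so no site has to be renumbered to an internal IP.
static (inside,outside) 203.0.113.0 203.0.113.0 netmask 255.255.255.0 0 0

: Stage 1, bring-up only: the wide-open rule quoted in the thread.
: Every port on every hosted address is reachable while this is applied.
access-list acl_open permit ip any any
access-group acl_open in interface outside

: Stage 2, lock down: admit only web traffic to the hosted block.
: Anything not matched falls to the implicit deny at the end of the list.
access-list acl_web permit tcp any 203.0.113.0 255.255.255.0 eq www
access-list acl_web permit tcp any 203.0.113.0 255.255.255.0 eq 443

: Binding acl_web to the outside interface replaces acl_open there;
: then remove the open list so it cannot be re-applied by mistake.
access-group acl_web in interface outside
no access-list acl_open
```

Note that PIX access lists take subnet masks, not the wildcard masks used in IOS router ACLs.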