Config of a 515 PIX

Please ... I have some questions about the configuration of a 515 PIX:

1) What are the commands to permit hosts on DMZ3 to access DMZ2, Inside, and Outside hosts? Do I have to configure PAT? (Example: DMZ3 with 192.168.3.x/24 and .1 for the interface, DMZ2 with 192.168.2.x/24 and .1 for the interface, inside with 192.168.1.x/24 and .1 for the interface, outside with 62.x.x.x/28 and 62.x.x.20 for the interface.)

2) Is it possible to create a VPN just on this DMZ3? Or is it possible to create a VPN on the outside interface with a public address for the "peer" and to say that hosts connected by this address can just access DMZ3?

3) What are the commands to configure VPN access and authentication on a Radius server?

Thanks a lot!

Jov

LLFF

Just a 4th question:

4) What is FIXUP?

Thanks!

LLFF

Thanks a lot, Walter!

LLFF

In article , LLFF wrote:

:Please ... I have some questions about the configuration of a 515 PIX:

:1) What are the commands to permit hosts on DMZ3 to access DMZ2, Inside,
:and Outside hosts?

In particular, I suggest the Firewall and VPN Configuration Guide.

:Do I have to configure PAT?

No.

:2) Is it possible to create a VPN just on this DMZ3?

Except for "management interface" usable only to configure the PIX itself, a crypto map applied to an interface can be used only for VPNs that are connecting from that interface. For example, you cannot configure a VPN on DMZ3 and have users connect to it from the outside interface.

:Or is it possible to create a VPN on the outside interface with a public address
:for the "peer" and to say that hosts connected by this address can just
:access DMZ3?

Read the Configuration Guide and then get back to us on this. I could answer, but you wouldn't understand the convolutions of the answer without the background.

:3) What are the commands to configure VPN access and authentication on
:a Radius server?

'crypto map', 'vpngroup' and 'aaa'. But read the Configuration Guide.

Walter Roberson

In article , LLFF wrote:

:Just a 4th question:

:4) What is FIXUP?

'fixup' is a configuration command to the PIX that tells the PIX to watch out for certain higher level protocols on certain ports, and to re-write the traffic to reflect NAT'd IPs, and/or to open extra data flows as needed to reflect negotiated ports and IPs (e.g., for FTP.)

'fixup' does not exist under that name in PIX 7.0, which tells us that your PIX is likely running PIX 6.x -- something that you forgot to mention earlier. PIX 7.0 and PIX 6.x are fairly different in their configuration commands, so rather than have us describe the procedures under the two fairly different software versions, it is a lot easier on us if you explicitly indicate the software version you are using.

Walter Roberson
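The FTP case mentioned in the answer above, as an added Python sketch (not Cisco code and not part of the original posts): it takes one active-mode `PORT` command from the control channel, rewrites the embedded address to the NAT'd one, and derives the extra data flow a firewall would need to permit. The NAT table, the server address and the source-address check are assumptions made for this example; the client address is taken from the DMZ3 range in the question.

```python
import re

# Constructed NAT table: real (DMZ3) address -> translated address.
NAT = {"192.168.3.10": "203.0.113.10"}

# "PORT h1,h2,h3,h4,p1,p2": four address octets, then port = p1*256 + p2.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     rb"(\d{1,3}),(\d{1,3})\r\n$")


def inspect_ftp_line(line, src_ip, server_ip, nat=NAT):
    """Inspect one client-to-server FTP control line.

    Returns (rewritten_line, pinhole). pinhole is (server_ip, translated_ip,
    port), the server-initiated data connection to expect, or None when the
    line negotiates no data flow.
    """
    m = PORT_RE.match(line)
    if not m:
        return line, None  # not a PORT command: pass through untouched
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("malformed PORT argument")
    advertised = ".".join(str(n) for n in nums[:4])
    # Assumption of this sketch: only accept a PORT that names the client
    # itself, so the server cannot be pointed at a third host.
    if advertised != src_ip:
        raise ValueError("PORT address differs from control-connection source")
    port = nums[4] * 256 + nums[5]
    translated = nat.get(src_ip, src_ip)
    # Rewrite the payload so the server sees the translated address.
    new_line = b"PORT %s,%d,%d\r\n" % (
        translated.replace(".", ",").encode(), nums[4], nums[5])
    return new_line, (server_ip, translated, port)


# Constructed sample: a DMZ3 host announcing data port 19*256+137 = 5001.
SAMPLE = b"PORT 192,168,3,10,19,137\r\n"

if __name__ == "__main__":
    print(inspect_ftp_line(SAMPLE, "192.168.3.10", "198.51.100.5"))
```

The rewritten line can differ in length from the original, which is why this kind of inspection has to sit in the firewall's TCP path rather than in a simple packet filter.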
