DMZ with Redundant Pix 525's

- N
- Newbie72
  
  Contact options for registered users
posted
16 years ago

Thu, Jul 27, 2006 3:36 PM

Our company currently has 2 Cisco Pix 525 configured redundantly via cisco cable. We are going to start hosting our own Web site within the next month. One of the things I wanted to do was create a dmz area using the Cisco PIx's. I imagine the easiest way would be to connect both ethernet interfaces on the pix to an unmanged switch so if one went down the other would still be able to communicate to the server. The unfortunate scenario would be if the switch went down well then we are our of luck.

Is there a better way?

thanks,

Steven Johnson

Loading thread data ...

- M
- Martin Bilgrav
  
  Contact options for registered users
posted
16 years ago

Thu, Jul 27, 2006 6:38 PM

or the internet link went down ... or the power to the PIX's - sounds like you have both PIX's closely together, since you are using FO cable. Consider a LAN Based FO. Read the Cisco guidelines for FO fundamentals - this will give you the answers. I would not have a unmanaged switch at all. Get a switch that aleast can do Private VLANs (port protected) in the DMZ - This is urgent ! Remember to have a ACL assigned to the DMZ interface aswell - This is urgent !

HTH Martin Bilgrav

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.