Hi there, in our main building we have a PIX 515 as a firewall, and in the other building, which is part of our network with a different VLAN, we have staff who need access to all resources and a couple of public machines that we want to limit to Internet access only. I am thinking of adding a small PIX in front of those 2 public machines, but I am not sure I know how to set up the access list to do this task. I am not even sure if that would be possible. I appreciate your help. Should I use something like: access-list inside-outside permit tcp any any eq 80 on my PIX 501? But the outside 501 is still part of the LAN, so I am not sure what to do. Please help. Rob

How many interfaces are on the PIX 515? If you are only using 2, you could add a 3rd interface and control traffic from that. Not really sure I understand your question correctly.

My PIX has 3 interfaces but I cannot use that; that's for my DMZ servers.

The remote building is connected to inside 515 and includes both staff and 2 public computers. Staff need access to all resources in the main building + Internet, and the 2 public computers should be able to use only the Internet, with no access to any network resources in either the remote or main buildings. I thought to put the 2 public machines behind a PIX 501 to apply this restriction. Both the public machines and the remote building share a VLAN which is different from the main building's VLAN (default VLAN). There is no security between the 2 VLANs. Hopefully it is more clear now.
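The policy described in the thread, modelled as first-match access-list evaluation; this is an added example and not part of any post. It compares the single permit line from the question with a hypothetical list that denies internal destinations first. All addresses, the 10.0.0.0/8 internal range, the resolver and the rule names are constructed assumptions.

```python
import ipaddress

# Constructed sample addressing (assumption, not from the thread): both
# buildings' VLANs fall inside 10.0.0.0/8; the page gives no real subnets.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Each rule: (action, protocol, destination network, destination port or None).
# The single line proposed in the question, modelled as data.
PROPOSED = [("permit", "tcp", ANY, 80)]

# Hypothetical alternative: deny internal destinations before permitting web.
# DNS is permitted to one constructed resolver outside the internal range.
RESTRICTED = [
    ("deny", "ip", INTERNAL, None),
    ("permit", "tcp", ANY, 80),
    ("permit", "tcp", ANY, 443),
    ("permit", "udp", ipaddress.ip_network("198.51.100.53/32"), 53),
]

def evaluate(acl, proto, dst, port):
    """First matching rule wins; no match falls through to an implicit deny."""
    dst = ipaddress.ip_address(dst)
    for action, r_proto, r_net, r_port in acl:
        if r_proto not in ("ip", proto):
            continue  # rule is for a different protocol
        if dst not in r_net:
            continue  # destination outside this rule's network
        if r_port is not None and r_port != port:
            continue  # rule is for a different port
        return action
    return "deny"

# Constructed test flows originating from a public machine.
FLOWS = {
    "internet web": ("tcp", "203.0.113.10", 80),
    "internet https": ("tcp", "203.0.113.10", 443),
    "main-building intranet web": ("tcp", "10.1.0.20", 80),
    "remote-building file share": ("tcp", "10.2.0.5", 445),
}

def report(acl):
    """Return the permit/deny decision for every sample flow."""
    return {name: evaluate(acl, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("proposed", PROPOSED), ("restricted", RESTRICTED)):
        print(label, report(acl))
```

The proposed single line blocks the file share but still permits port 80 to an internal web server, which is why the deny for internal ranges has to come before the web permits.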

