Internet only users - PIX settings - Cabling-Design.com Forums

- R
- Rob
  
  Contact options for registered users
posted
14 years ago

Thu, Oct 1, 2009 3:38 PM

Hi there, in our main building we have a PIX 515 as a firewall and in the other building which is part of our network with different VLAN we have staff who need access to all resources and a couple public machines those we want to limit to Internet access only. I am thinking to add a small PIX in front of those 2 public machines but not sure if I know how to setup the access list to do this tasks, I am not even sure if that would be possible, I appreciate your help. Should I use something like: access-list inside-outside permit tcp any any eq 80 on my pix501? but the outside 501 is still part of the lan, not sure what to do, please help. Rob

- A
- Artie Lange
  
  Contact options for registered users
Vote on answer
posted
14 years ago

Thu, Oct 1, 2009 5:50 PM

How many interfaces are on the PIX 515? If you are only using 2, you could add a 3rd interface and control traffic from that. Not really sure I understand you question correctly.

- R
- Rob
  
  Contact options for registered users
Vote on answer
posted
14 years ago

Thu, Oct 1, 2009 6:02 PM

My PIX has 3 interface but I cannot use that, thats for my DMZ servers.

the remote building is connected to inside 515 and include both staff and 2 public computers. Staff need access to all resources in main buildng + Internet and 2 public computers should be able to use only Internet and no access to any network resources in either remote and main buildnigs. I thought to put 2 public machine behind a pix 501 to apply this restriction. both public machines and remote building sharing a VLAN which is different than main building's vlan (default VLAN). there is no security between 2 VLANs. Hopefully it is more clear now.