I'm trying to achieve something like this: Netgear wireless router (192.168.0.1) --> PIX outside (192.168.0.2) - PIX inside (192.168.16.1) --> LAN. Everything is working fine, but wireless clients cannot go through the PIX. Can I get away with having wireless on the outside PIX interface, or does it have to be on the LAN side?
By default PIX Firewall BLOCKS all access from the Outside interface to Inside interface. You have to create rules to PERMIT traffic, create NAT translation, etc. So, it behaves exactly as it should behave.
The question is - who are your wireless users and how much do you trust them? If you have proper authentication and authorization, you may place your wireless router inside your LAN. If it's a publicly accessible wireless network, then you have to permit certain types of traffic based on what you need. But this may create a breach in your firewall security, if improperly planned. As an alternative, if you have more than 2 interfaces on your PIX, you can place the wireless in the DMZ, and create a separate set of rules for wireless users.
I would prefer to have these users logging in using wireless on the outside interface. The problem is I'm fairly new to PIX. I managed to open a few ports etc... but this is way over my skills. To be honest I'm looking for a ready to use solution. If there is someone who can help I will appreciate it.
"Ready to use solution" - hire a consultant who will make everything you need. I don't think it will cost you much, compared to the time and effort you will spend trying to figure it out yourself.
As I said, in addition to "opening a few ports" you have to make NAT translations or do a "no-NAT" configuration for wireless users.
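As an added illustration of the two pieces the replies name (a permit rule plus a translation), and not a configuration posted by anyone in this thread: a PIX 6.x fragment that lets the wireless subnet on the outside reach one inside server without address translation. The server address 192.168.16.10, the TCP/443 service and the ACL name `wireless_in` are assumed values chosen for the example.

```cisco
: Added example, PIX 6.x syntax. 192.168.16.10, TCP/443 and the
: ACL name wireless_in are assumptions, not values from the thread.
:
: Identity static ("no-NAT"): the inside server is reachable from the
: outside interface at its own address.
static (inside,outside) 192.168.16.10 192.168.16.10 netmask 255.255.255.255
:
: Permit only the wireless subnet, only to that host and port.
: Everything else from outside still hits the implicit deny.
access-list wireless_in permit tcp 192.168.0.0 255.255.255.0 host 192.168.16.10 eq 443
access-group wireless_in in interface outside
```

Wireless clients also need a route to 192.168.16.0/24 via the PIX outside address (192.168.0.2), normally added on the wireless router. Keeping the ACL limited to named hosts and ports is what prevents this from becoming the firewall breach the reply warns about.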