PIX and wireless

Hi everyone,

I'm trying to achieve something like this: Netgear wireless router (192.168.0.1) --> PIX outside (192.168.0.2) - PIX inside (192.168.16.1) --> LAN. Everything is working fine, but wireless clients cannot go through the PIX. Can I get away with having wireless on the outside PIX interface, or does it have to be on the LAN side?

Thanks,

michal2212

By default PIX Firewall BLOCKS all access from the Outside interface to Inside interface. You have to create rules to PERMIT traffic, create NAT translation, etc. So, it behaves exactly as it should behave.

The question is - who are your wireless users and how much do you trust them? If you have proper authentication and authorization, you may place your wireless router inside your LAN. If it's a publicly accessible wireless network, then you have to permit certain types of traffic based on what you need. But this may create a breach in your firewall security, if improperly planned. As an alternative, if you have more than 2 interfaces on your PIX, you can place the wireless in the DMZ, and create a separate set of rules for wireless users.

Good luck,

Mike

------ Cisco IP Phone PC Headset Adapters

headsetadapter.com

I would prefer to have these users logging in using wireless on the outside interface. The problem is I'm fairly new to PIX. I managed to open a few ports etc... but this is way over my skills. To be honest I'm looking for a ready to use solution. If there is someone who can help I will appreciate it.

Thanks,

michal2212

"Ready to use solution" - hire a consultant who will do everything you need. I don't think it will cost you much, compared to the time and effort you will spend trying to figure it out yourself.

As I said, in addition to "opening a few ports" you have to make NAT translations or do a "no-NAT" configuration for wireless users.

Good luck,

Mike

------ Cisco IP Phone Headset Adapters

headsetadapter.com
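
An added example, not part of the thread and not any poster's configuration: a sketch of the "permit rules plus no-NAT" setup described above, written in PIX OS 6.x-style syntax. The PIX software version, the inside server address 192.168.16.10, the TCP/443 service and the ACL name `outside_in` are assumptions; only the two subnets come from the thread.

```cisco
! Constructed example. Lines starting with "!" are notes for the reader.
! Assumed: PIX OS 6.x syntax, inside server 192.168.16.10, service TCP/443.
!
! 1. "No-NAT": an identity static, so inside hosts keep their real
!    192.168.16.x addresses when reached from the outside (wireless) segment.
static (inside,outside) 192.168.16.0 192.168.16.0 netmask 255.255.255.0
!
! 2. Permit only the traffic wireless users actually need: here, one
!    service on one inside host, sourced from the wireless subnet only.
access-list outside_in permit tcp 192.168.0.0 255.255.255.0 host 192.168.16.10 eq 443
!
! 3. Everything else is already dropped by the implicit deny; the explicit
!    line is listed so denied traffic shows up in the ACL hit counters.
access-list outside_in deny ip any any
!
! 4. Bind the ACL to inbound traffic on the outside interface.
access-group outside_in in interface outside
!
! A rule like the following would make wireless work but removes the
! protection the PIX is there to provide (the "breach" the reply warns of):
!   access-list outside_in permit ip any any
```

If the wireless clients use the Netgear (192.168.0.1) as their default gateway, they also need a route for 192.168.16.0/24 pointing at the PIX outside address 192.168.0.2, otherwise their packets never reach the firewall.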
