Hi all,
I'm setting up our PIX (515e running 7.1(1)). It will be connected to three networks - our ISP (outside), our internal LAN (inside) and our server DMZ (DMZ).
Currently, under the old setup all servers are configured with a public IP from our class-C network range - 213.86.7.x/24. Our internal LAN is on 172.16.x.x/16 with that sub-netted for various offices.
If I keep this setup then with the PIX in situ it will look as follows:
Internet-----[PIX]-----DMZ(213.86.7.x/24) | | | Internal LAN (172.16.x.x/16)
But on reading up some example configs and books, it seems that most people setup the DMZ on a private range then map public IP addresses forward as required to hosts on the DMZ.
I'd just like to ask some advice; would it be recommended to keep with the current network setup - and I should add that not all hosts on the DMZ need to be accessed externally. Or should I re-address my DMZ to a private range and map the public IP addresses through as required? It's fairly trivial to do this since all servers are using DHCP anyway.
Thanks in advance,
Jon.