Hello,
I'm having to configure a PIX 515e firewall that's on our network, but know very little about networking. A 'show version' results in:
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(2)
We have a block of addresses that I would like to share between the DMZ and Internal interfaces, with the PIX inspecting packets on the way.
Here's an example:
We're provided a network segment 1.2.3.128/255.255.255.128 with 1.2.3.129 as the gateway to the rest of the world. I'd like to divvy up 1.2.3.130-254 between the internal and dmz, but it seems like the best I can do is give 32 addresses to the dmz and 64 to the internal, and then the other 32 are wasted on the outside interface. I don't want to waste those extra addresses, but we want everything behind the firewall.
Surely there's a way to do this? It seems like it should be a very common scenario. The only vaguely workable solution I've found is to do 192.168.x.x networks on inside and dmz and then do static maps between the addresses. But that is a configuration nightmare for us because DNS is completely broken for our machines that need to access other of our machines.
Any help is greatly appreciated.
-John Dailey