The fact that you are using a PIX is a good start.
- posted
18 years ago
I use a PIX 515e and am trying to configure something like this:
LAN ---- PIX -------- CISCO_ROUTER ----(internet)
          |
         dmz
      WEB_SERWER (local ip 192.168.101.2) (public ip *.*.*.167 )
I made a mistake, and I can't connect to the public IP of WEB_SERWER, *.*.*.167, from the LAN and from the internet.
nameif ethernet0 WAN security0
nameif ethernet1 LAN security99
nameif ethernet2 DMZ security50
access-list outside_in permit tcp any host *.*.*.167 eq www
access-list outside_in permit icmp any any
ip address WAN *.*.*.166 255.255.255.224
ip address LAN 192.168.0.165 255.255.255.0
ip address DMZ 192.168.101.1 255.255.255.252
global (DMZ) 1 *.*.*.168 netmask 255.255.255.224
nat (LAN) 1 192.168.0.0 255.255.255.0 0 0
alias (LAN) *.*.*.167 192.168.101.2 255.255.255.255
static (DMZ,WAN) *.*.*.167 192.168.101.2 netmask 255.255.255.255 0 0
access-group outside_in in interface WAN
route WAN 0.0.0.0 0.0.0.0 *.*.*.169 1
What is wrong?
Actually, and it didn't come across when I posted, I'd rather see a PIX as a door stop than a freakin' firewall. It amazes me how many people don't perform due diligence when implementing a firewall solution and automagically pimp out Cisco and then wonder why they have non-stop difficulty implementing them. Security has to be strong but doesn't need to be impossible to implement.
So to Tomi, take that thing and use it to prop up your monitor or something.
Swearing by Cisco may be well and fine, but PIX isn't an in-house Cisco product; it was originally made and sold by another company that Cisco bought. Its core design still betrays its non-Cisco origins.
Regards,
You are not trying to suggest a better piece of kit than the PIX, are you? I swear by Cisco kit.
The config is good on the PIX... check whether you have the ports open on your router... Regards,
Kamal
Take a look around, look at DI on Netscreen, and IDS on a Sonicwall, even better, get a demo of them in action. You'll never look at a PIX again. PIX performance, functionality, and security levels are crap for today's market. A PIX501 for example is nothing better than your average crappy off the shelf SPI Firewall/Router that sells for $30.