07-27-2011 02:48 AM - edited 03-11-2019 02:04 PM
Hi,
I need to create a DMZ zone in my network. One server needs to be put in the DMZ. I have a PIX 515E 6.3.3. It has a free port to create a DMZ.
My plan is like
1) Put a new switch for DMZ zone
2) Connect it to the DMZ port
3) Create a NAT for inside to DMZ with same IP as inside
4) Create ACL for permitting traffic to DMZ and apply it to outside interface
5) Create ACL for permitting traffic from DMZ to inside
6) Routing for DMZ in PIX
Is this correct? Or do I need to follow any other steps?
Thanks
Vipin
07-27-2011 02:57 AM
Hi,
Yes, this action plan sounds correct.
But please keep in mind that 6.3.3 is extremely old code and not supported anymore by Cisco. However, if it is stable for you, keep that version.
cheers
Adam
07-27-2011 04:20 AM
Hi,
Thanks for your reply.
I need to put a CITRIX server inside this DMZ. Now this server is directly connected to the internet using a DSL connection.
So after putting this server into the DMZ, do I need to create a NAT?
Will it work the same as before?
Following are the port details of the CITRIX server.
Do I need to open all these ports in the PIX?
Client-side Application Virtualization - Streaming Client to Application Hub (File Server/Share) – SMB 445
Server-side Application Virtualization
Management Console (Using IMA) – TCP 2512, 2513
Application requests – TCP XML 80, 8080 or 443 (configurable)
Access to Applications Virtualized on the Server – ICA-TCP 1494, 2598 (Session Reliability)
Web Interface
Client connections – TCP 80/443 (configurable)
Server-to-server – TCP XML 80/8080, 443 (using SSL Relay)
Management console (partially IMA) – DCOM 135 (+ configurable high port range), IMA-TCP 2513, TCP 80/443
Please suggest.
Thanks
Vipin
07-27-2011 04:32 AM
Yes, you have to create the NAT rules and open the ports by ACL.
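
The six-step plan from this thread, sketched as PIX 6.3 configuration. This is an added example, not part of any post above: the interface names, all addresses (192.168.50.0/24 DMZ, 10.1.1.0/24 inside, 203.0.113.10 public) and the inside farm host 10.1.1.20 are constructed assumptions, and the ports come from the list in the question.

```cisco
: Steps 1-2: name and enable the free port as a DMZ with a security
: level between outside (0) and inside (100).
nameif ethernet2 dmz security50
interface ethernet2 auto
ip address dmz 192.168.50.1 255.255.255.0

: Step 3: identity static so inside hosts appear in the DMZ with
: their own addresses (assumed inside subnet 10.1.1.0/24).
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

: The Citrix server (assumed 192.168.50.10) needs a static
: translation to a public address to be reachable from outside.
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255

: Step 4: permit only client-facing ports from outside. On 6.3 the
: ACL matches the translated (public) address.
access-list outside_in permit tcp any host 203.0.113.10 eq 443
access-list outside_in permit tcp any host 203.0.113.10 eq 1494
access-list outside_in permit tcp any host 203.0.113.10 eq 2598
access-group outside_in in interface outside

: Step 5: DMZ to inside, limited to one assumed farm host and the
: IMA/XML ports from the question. Everything else from the DMZ
: is dropped by the implicit deny at the end of the ACL.
access-list dmz_in permit tcp host 192.168.50.10 host 10.1.1.20 eq 2512
access-list dmz_in permit tcp host 192.168.50.10 host 10.1.1.20 eq 8080
access-group dmz_in in interface dmz

: Step 6: the DMZ subnet is directly connected, so the PIX needs no
: route statement for it; the server's default gateway is 192.168.50.1.
```

Management ports such as DCOM 135, IMA 2513 and SMB 445 are left out of the outside ACL here; `show access-list` displays per-entry hit counts for checking which rules are actually matched.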