Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
578
Views
7
Helpful
5
Replies

DMZ on Pix 506

lformelli
Level 1
Level 1

‎10-14-2005 01:21 AM - edited ‎02-21-2020 12:28 AM

I have read that I can deploy an a DMZ on Pix 506.

Is it true?

Don't I need three ethernet interfaces?

I need to connect Web server on DMZ.

Does somebody advice on a document about it ?

Best regards

Lorenzo

0 Helpful
5 Replies 5

itchampnz
Level 1
Level 1

‎10-14-2005 01:25 AM

Yes it is true you can make a DMZ. The trick tho is that it is not physcial interface, it is logical.

The 506 supports up to 2 VLANs, providing a low-cost DMZ-enabled security solution that enables businesses to securely host Web servers, e-mail servers, and other services with the Internet or extranet environments.

So your inside interface you would create the logical vlan with security level of perhaps 50.

e.g.

interface ethernet1 vlan390 physical

interface ethernet1 vlan400 logical

nameif ethernet1 inside security 100

nameif vlan400 DMZ security50

lformelli
Level 1
Level 1
In response to itchampnz

‎10-14-2005 01:53 AM

Yes,

but do I need of Cisco Secure ver 7.0 ?

Can You advice an a document about configuration Web server on DMZ ?

0 Helpful

itchampnz
Level 1
Level 1
In response to lformelli

‎10-14-2005 01:56 AM

no you don;t need 7.0

6.3 will suffice.

The above config I pasted is all you need to subinterface the physical int. Just make sure your switch is then set to trunk.

From there you can just apply an access-list etc for the DMZ like you would any physical interface.

0 Helpful

arunsing
Level 1
Level 1
In response to itchampnz

‎10-14-2005 02:09 AM

# here is a sample config

interface ethernet1 vlan390 physical

interface ethernet1 vlan400 logical

nameif ethernet1 inside security 100

nameif vlan400 DMZ security50

# assign ip address to the inside interface and the dmz interface

ip address inside 10.10.10.1 255.255.255.0

ip address dmz 172.16.1.1 255.255.255.0

# for inside access to the dmz

nat (inside) 1 0 0

global (dmz) 1 interface

# for outside access to the server on port 80 and port 443

static (dmz,outside) tcp interface 80 80

static (dmz,outside) tcp interface 443 443

access-list out2in permit tcp any interface outside eq 80

access-list out2in permit tcp any interface outside eq 443

access-group out2in in interface outside

I am available on chat on arunsingh1234@hotmail.com

0 Helpful

arunsing
Level 1
Level 1

‎10-14-2005 02:02 AM

1. To be specific you need 6.3(4). Vlan on pix 506 was not support in version 6.3.3 or earlier.

2. Just FYI this interface should go the trunc port on the switch

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card