Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
254
Views
0
Helpful
1
Replies

Dual Pix setup help.

msichi
Level 1
Level 1

‎02-17-2005 08:43 AM - edited ‎02-20-2020 11:58 PM

Hello,

I am having some difficulties getting this to work correctly. Here is my setup:

Pix 515:

Outside 66.x.x.x.x/29

Inside 151.195.x.x/24

DMZ 192.168.0.1

DMZ int is plugged into Vlan

Web server 192.168.0.2 plugged into vlan

Web server gateway is 192.168.0.1

This part is working correctly.

Web Server has dual nic's. It is part of active directory and needs to connect to a database housed on another inside server. The other nic has an internal address of 151.195.x.x

I have a pix 501 that I want to put inbetween this webserver and my inside network that only allows access to my domain controller and my sql server, but users on my inside network have full access to the webserver coming from inside.

I set the inside int on the pix 501 to a 151.195.x.x, but I am not clear on what to set the outside int to or if i would need any routes on the 501. Or what to do with the address of the 2nd nic on the web server.

More info--- There is an internal router that is the default gateway of all my inside clients. This routers gateway is the pix 515.

Thanks for any guidence you can give me on this.

0 Helpful
1 Reply 1

csoans
Level 1
Level 1

‎02-17-2005 02:10 PM

Ideally it would be better not to have this web server as part of the domain, since the possibility of this system being compromised or infected with viruses is high.

It would be better if the web server was a standalone server with a single nic, and all the database traffic from this server to the databse server used an ODBC connection.

You would just have to open up the SQL port on the 515 between the Web server and SQL server, better still you can change the SQL port on the Database server and open this port up instead of the default port this provides better security.

Regards

Chris

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card