Pix 515e and ISA 2004

owlhousing
Level 1

Hi all,

I have a decision to make regarding our PIX515e.

We have the DMZ bundled PIX.

I have been considering setting up the following configuration.

internet>pix>dmz>Front End Exchange>Internal Exchange

However, everywhere I look the advice is not to use this configuration and instead to use an ISA Server.

I can only afford 1 new server. And I got the pix because it has a dmz.

Do you guys recommend using a pix and ISA? It seems like a lot of expense. We are a small company with about 300 employees.

What is your advice? Thanks

Rgs

Colin

4 Replies

jmia
Level 7

Colin,

From experience, I would place the mail server on the DMZ, but saying this, I also have PIX and ISA servers. But I would place the mail server on the DMZ and patch everything up for the server.

Here's a URL on setting up mail server access on DMZ with PIX.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008015efa9.shtml

Let me know if this helps a little or if you require further help.

Jay
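To make the "mail server on the DMZ" layout concrete, here is an added example in PIX 6.3-style syntax. It is not taken from this thread or from the Cisco document linked above; the interface names, the address ranges (203.0.113.0/24 is documentation space, the private ranges are placeholders) and the relay/Exchange addresses are all assumptions made for the example.

```cisco
: Added example (not from the thread or Cisco's document): PIX 6.3-style
: configuration that publishes a mail relay on the DMZ. All addresses are
: constructed placeholders; 203.0.113.0/24 is documentation space.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 192.168.100.1 255.255.255.0
: Public address 203.0.113.25 maps one-to-one to the DMZ relay 192.168.100.25
static (dmz,outside) 203.0.113.25 192.168.100.25 netmask 255.255.255.255
: Outside may reach the relay on SMTP only; everything else is dropped
access-list outside_in permit tcp any host 203.0.113.25 eq smtp
access-list outside_in deny ip any any
access-group outside_in in interface outside
: The DMZ is lower security than inside, so the relay needs an explicit
: identity translation and rule before it can hand mail to the internal
: Exchange server 10.0.0.10. The same identity static also lets 10.0.0.10
: send outbound mail to the relay (inside to DMZ is allowed by default
: once a translation exists).
static (inside,dmz) 10.0.0.10 10.0.0.10 netmask 255.255.255.255
access-list dmz_in permit tcp host 192.168.100.25 host 10.0.0.10 eq smtp
: Outbound mail from the relay to the Internet
access-list dmz_in permit tcp host 192.168.100.25 any eq smtp
: Nothing else may leave the DMZ, so a compromised relay cannot roam
access-list dmz_in deny ip any any
access-group dmz_in in interface dmz
```

Two things to check when testing a layout like this: `fixup protocol smtp 25` (Mailguard) is on by default and only passes a restricted set of SMTP commands, so ESMTP features the Exchange front end relies on may be blocked until it is reviewed; and a true Exchange front-end/back-end pair needs more than SMTP between the DMZ and the inside (RPC, LDAP and Kerberos to the back end and domain controllers), which this example deliberately does not open. Each extra port should be added as its own explicit host-to-host rule so the trailing deny keeps doing its job.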

Thanks Jay,

A voice of reason at last!

I can see the benefit of application level filtering that ISA offers but how many firewalls is enough?

I guess MS will soon be saying that you only require ISA and no form of PIX etc.

Thanks again

Colin

Colin,

To be honest, I would rather have a hardware based firewall protecting my network (PIX) than having an application based system (ISA). Have seen far too many horror scenarios with ISA!!

But I am sure that MS guys will disagree with this… as always.

Jay

Hi Jay,

Is it possible you could please post your Pix config as I also need to set up my Pix with the ISA server in the DMZ.

The MS guys here have said the Proxy server requires 2 interfaces and, as my Pix 515E has 6 interfaces, I was quite happy to have a 2nd DMZ interface for the second NIC on the proxy.

The problem I'm having at the moment is getting the connectivity sorted, i.e. from previous posts I read that one of the proxy cards should be patched into the DMZ switch and the other card should be patched into the switch on the inside interface.

I am reluctant to implement this as I feel it breaches the network security.

I want the proxy on the DMZ totally segregated from the rest of the network so if it gets hit by viruses or such, we can simply shut the interface down to stop the flow.

I would want the inside users to connect to the outside interface via the proxy card on the DMZ interface, and traffic from the outside should only connect to the proxy address on the 2nd DMZ interface? Does this make any sense?

I would appreciate some response to this post as while this has been a background project for a while and I have not spent much time on it, I really need to deliver within the next fortnight or so.

Thanks for your time.
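The layout asked about above (inside users reach only the proxy's first DMZ address, the outside reaches only the proxy's second DMZ address, and neither DMZ may initiate anything towards the inside) can be expressed directly in PIX rules. What follows is an added example in PIX 6.3-style syntax, not the poster's configuration and not from Cisco; the interface names, the addresses and the proxy listener port 8080 are assumptions made for the example.

```cisco
: Added example (not the poster's or Cisco's configuration): PIX 6.3-style
: rules for a dual-homed proxy spanning two DMZ interfaces. Addresses and
: the listener port 8080 are constructed placeholders.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz1 security50
nameif ethernet3 dmz2 security40
ip address outside 203.0.113.2 255.255.255.0
ip address inside 10.0.0.1 255.255.255.0
ip address dmz1 192.168.1.1 255.255.255.0
ip address dmz2 192.168.2.1 255.255.255.0
: Proxy NIC A 192.168.1.10 sits on dmz1 (faces the inside users)
: Proxy NIC B 192.168.2.10 sits on dmz2 (faces the Internet)
: Inside hosts keep their addresses towards dmz1 but may only talk to the
: proxy listener; the trailing deny blocks any direct path to outside or dmz2
static (inside,dmz1) 10.0.0.0 10.0.0.0 netmask 255.255.255.0
access-list inside_in permit tcp 10.0.0.0 255.255.255.0 host 192.168.1.10 eq 8080
access-list inside_in deny ip any any
access-group inside_in in interface inside
: The proxy's outside-facing NIC is the only DMZ address published; the
: static is two-way, so it also carries NIC B's own outbound connections
static (dmz2,outside) 203.0.113.80 192.168.2.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.80 eq www
access-list outside_in deny ip any any
access-group outside_in in interface outside
: NIC B may fetch web content on behalf of inside users, nothing else
access-list dmz2_in permit tcp host 192.168.2.10 any eq www
access-list dmz2_in permit tcp host 192.168.2.10 any eq https
access-list dmz2_in deny ip any any
access-group dmz2_in in interface dmz2
: NIC A never initiates towards inside (or dmz2); replies to inside users
: ride the connections the PIX is already tracking
access-list dmz1_in deny ip any any
access-group dmz1_in in interface dmz1
```

With these rules the only traffic that ever enters the inside network from either DMZ is the reply to a connection an inside user opened to the proxy, which is the segregation the post asks for, and the proxy itself is the only device bridging the two DMZ segments (the PIX would otherwise allow dmz1 to dmz2 by security level, which the `dmz1_in` deny closes). If the proxy is ever compromised, `interface ethernet2 shutdown` and `interface ethernet3 shutdown` cut it off from both sides without touching the inside or outside rules.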
