Re: PIX 7.0.1 and DMZ

ph0enix · ‎04-26-2006

I'm trying to find an example of a config for PIX515 running PIX 7. The PIX has 3 ports:

outside

inside

dmz

I have the inside segment configured on 10.0.0.0/24 and I want to have the DMZ segment on 172.16.0.0/24. It currently has splittunel configured for VPN access.

Any info would be appreciated.

Patrick Laidlaw · ‎04-26-2006

Hello,

It helps to have your configuration posted or attached.

Patrick

ph0enix · ‎04-27-2006

Here you go (attached).

Thank you!

ph0enix · ‎04-27-2006

I'm looking at this example but it's for PIX 6.x and my DMZ server doesn't have a real IP address so the external IP needs to be NATted.

Fernando_Meza · ‎04-27-2006

I have read your post a couple of times and I am having problems understanding what are you trying to achieve .. can you please explain and perhaps a network diagram would be even better.

ph0enix · ‎04-27-2006

Thanks for reading my post [a few times] and sorry for not being clear

The firewall has three eth ports. Currently only two are being used - one for outside (dynamically assigned IP from the ISP), one for inside (10.0.0.0/24) and now I want to configure the third port as a DMZ segment (172.16.0.0/24) and stick a FTP server on it. I'm using Dynamic DNS so I don't really need a static IP for the external interface. I want the inside network to be able to access samba services on the ftp server and I'm going to use PAT to forward the FTP port to the 172.16 address.

I hope this is a little clearer.

Fernando_Meza · ‎04-27-2006

is the FTP server going to be accessed from the Outside as well or only from the inside segment ..?

ph0enix · ‎04-28-2006

Yes, sir. That's the idea.