PIX config 4 interfaces, Inside (NAT), DMZ2 (NAT), DMZ1 (no NAT)

boehm-d, Level 1

I have recently acquired a PIX 515 ver 4.4.

I have 4 interfaces, of which the following is required:

Inside (NAT), requires to be NATed

DMZ2 (NAT), requires to be NATed

DMZ1 (no NAT), requires NOT to be NATed (uses public addresses)

Also need to allow inside users access outside for DNS info.

Finally, I have a number of registered domains and, as IP addresses are hard to come by, I would like to allow multiple domain names to resolve to one IP address located in the DMZ. How will the PIX handle this, if it is possible?

Questions:

Does anyone have a basic config or sample for this?

Can anyone tell me how to allow DNS from inside to out?

The rest is simple (laugh) if I can get the above correct.

If you can help, let me know.

2 Replies

mostiguy, Level 6

This all sounds doable. You can get very tricky with natting and no-natting on pixen. To nat, your global group number needs to line up with a pix statement. Since you can have multiple statements of each, you have all the flexibility you need.

Multiple domains to one IP is not a problem; this has been discussed before. Search for HTTP host headers, or try to find my old posts, as I have explained this recently. The only hangup is SSL-secured sites; for plain HTTP, you can have tons of domain names/web sites living on one web server. This is a web server issue though, not a PIX issue.

DNS first

Allow DNS requests out to UDP port 53 (domain) from inside, i.e. inside 0.0.0.0 (any port) to outside 0.0.0.0 port 53. Then apply this ACL to the inside interface.

Multiple domain names to one IP.

The PIX does not care about FQDNs passing through. You have to set up your web server using host addresses. This can be done for the HTTP protocol but not for HTTPS, as it requires an IP per certificate (as mentioned above).
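The two replies above describe the pieces (matching nat/global IDs for the translated interfaces, no translation for DMZ1, an ACL that lets only DNS out from inside) without showing them together. The following is an added illustration, not a config posted in this thread or taken from any Cisco document. All addresses, interface names and security levels are made up; 203.0.113.0/24 stands in for the public block. The syntax is the later PIX access-list/access-group form (the original poster's 4.4 image predates access-list and used the outbound/apply and conduit commands instead), so treat it as a map of which statement does what rather than something to paste into a 4.4 box.

```text
! Security levels set the default flow direction: higher may initiate to lower
nameif ethernet0 outside security0
nameif ethernet1 inside  security100
nameif ethernet2 dmz1    security60
nameif ethernet3 dmz2    security40

ip address outside 203.0.113.1   255.255.255.0
ip address inside  10.1.1.1      255.255.255.0
ip address dmz1    203.0.113.129 255.255.255.192   ! public subnet, not translated
ip address dmz2    10.2.2.1      255.255.255.0

! Inside and DMZ2 are translated. The nat id (1) must match the global id (1);
! this is the "group number lining up" the first reply refers to.
nat (inside) 1 10.1.1.0 255.255.255.0
nat (dmz2)   1 10.2.2.0 255.255.255.0
global (outside) 1 203.0.113.10-203.0.113.20 netmask 255.255.255.0
global (outside) 1 203.0.113.21 netmask 255.255.255.0   ! single PAT address once the pool is used up

! DMZ1 keeps its public addresses: nat 0 exempts the subnet from translation
nat (dmz1) 0 203.0.113.128 255.255.255.192

! Inside hosts reach the DMZ servers untranslated (identity static, inside -> dmz)
static (inside,dmz1) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
static (inside,dmz2) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

! Identity static for the DMZ1 web server so the outside interface has a translation for it;
! the server address itself is already public, so it maps to itself
static (dmz1,outside) 203.0.113.130 203.0.113.130 netmask 255.255.255.255

! Inbound: only HTTP to that one server. Every domain name the poster owns resolves to
! 203.0.113.130; the PIX sees one IP and one port, and the web server sorts the names
! out with HTTP host headers (the PIX is not involved in that part)
access-list outside_in permit tcp any host 203.0.113.130 eq www
access-group outside_in in interface outside

! Outbound from inside: DNS to any resolver on UDP 53, plus web. Everything not listed
! is dropped by the implicit deny at the end of the list
access-list inside_out permit udp 10.1.1.0 255.255.255.0 any eq domain
access-list inside_out permit tcp 10.1.1.0 255.255.255.0 any eq www
access-group inside_out in interface inside
```

Two things worth checking once something like this is in place: the inside_out list has an implicit deny, so any other protocol the users need (mail, NTP, the DMZ servers' own management ports) has to be permitted explicitly or it silently stops working; and a `show xlate` / `show conn` after a test query from an inside host confirms that the query left via a pool address from global 1 rather than untranslated, which is the quickest way to tell that the nat and global IDs really do line up.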
