09-26-2001 01:18 PM - edited 02-20-2020 09:50 PM
We are setting up a PIX firewall with different clients and different networks off each network interface. What is the best way for each client to be able to remotely manage their servers without giving them access to anyone else's network? One-to-one NAT or VPN???
Thanks
09-28-2001 10:23 AM
I have just a quick question about your question. Will each of the networks that you are going to set up have its own interface on the PIX, or is there a routing device off an inside interface of the PIX that will host these networks?
09-28-2001 12:42 PM
I am not sure. Which is the best way to do it? I guess I would need 2 interfaces for each network, 1 in and 1 out right?
10-01-2001 06:28 AM
The way I would suggest that you set up your PIX is that you have only 1 outside interface, 1 "inside" interface for your own needs or whatever, and then set up 1 DMZ interface for each network you are going to be supporting. Now, in order to get the result of the DMZ networks not having access to each other, you configure each interface with the same security level; this way the PIX will never allow any traffic to go from one interface to any other interface with the same security level. The problem here could be the number of interfaces supported by your PIX. If you have a PIX 515 with an unrestricted license, then you could get 4 DMZ interfaces and 1 outside and 1 inside interface.
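
The isolation described in the reply above holds only while every client DMZ interface shares one security level, so it is worth checking after each configuration change. The following is an added example, not part of the original thread: a small Python audit that reads `nameif` lines and lists client interface pairs whose levels differ. The interface names, levels and function names are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample in PIX "nameif <hardware> <name> security<level>" form.
# Interface names and levels are made up for this example.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 clientA security50
nameif ethernet3 clientB security50
nameif ethernet4 clientC security40
"""

NAMEIF_RE = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+security(\d+)$")


def parse_nameif(config):
    """Return {interface_name: security_level} from the nameif lines."""
    levels = {}
    for line in config.splitlines():
        match = NAMEIF_RE.match(line.strip())
        if not match:
            continue  # ignore every other configuration line
        level = int(match.group(3))
        if not 0 <= level <= 100:
            raise ValueError(f"security level out of range: {line!r}")
        levels[match.group(2)] = level
    return levels


def isolation_findings(levels, client_ifs):
    """List (higher, lower) client pairs that do not share a security level.

    For such a pair the same-level rule from the reply no longer applies,
    so the pair needs a manual review of its translation and access rules.
    """
    missing = [name for name in client_ifs if name not in levels]
    if missing:
        raise KeyError(f"no nameif line for: {', '.join(missing)}")
    findings = []
    for a, b in combinations(sorted(client_ifs), 2):
        if levels[a] != levels[b]:
            findings.append((a, b) if levels[a] > levels[b] else (b, a))
    return findings


if __name__ == "__main__":
    parsed = parse_nameif(SAMPLE_CONFIG)
    for high, low in isolation_findings(parsed, ["clientA", "clientB", "clientC"]):
        print(f"{high} (security{parsed[high]}) outranks {low} (security{parsed[low]})")
```
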