11-07-2005 09:21 PM - edited 02-21-2020 12:30 AM
Hi,
We have a PIX 515E firewall set up in active/failover mode.
Please refer to the attached diagram.
We have to use the proxy server, which is placed in the DMZ, as the gateway for inside users' browsing.
In other words, all the internal users will be pointing to the DMZ proxy server for going to the Internet.
As shown in the diagram, we also have two 3750 switches configured in HSRP mode.
Please assist with the PIX config along with the routes required for achieving the task.
Our Internet is ADSL.
We have a single public IP; we want to PAT the entire LAN traffic on the single public IP on the Internet router, as shown in the attached diagram.
Regards
Deepak
11-08-2005 09:34 PM
Please refer to the attached PIX config and Internet router config.
The Internet router's internal network is private.
The proxy server placed in the DMZ is statically NATted to the PIX firewall outside interface network.
I don't want the inside network to go directly to the outside world.
Instead I want the internal network to go to the proxy server in the DMZ and through the DMZ to the outside world.
NATting of private to public IP is happening on the Internet router and not the PIX firewall.
Please suggest.
11-09-2005 06:03 PM
I did post my thoughts in the other section, and here they are:
PIX by default will permit traffic from a higher security level to a lower security level, e.g. from inside to DMZ. However, nat/global or static is required with v6.x.
Add the command below:
static (inside,dmz) 172.17.37.5 172.17.37.5 netmask 255.255.255.224
I guess all three ACLs are applied for testing purposes only, as permitting ip any any is not a very good security practice.
Assuming all you need is to permit the inside to the DMZ proxy server, from the proxy server to the Internet, and no inbound traffic, then no ACL is required at all.
The reason being all this traffic flows from a higher security level to a lower security level; i.e. from inside to DMZ, then from DMZ to outside.
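The rule described in the reply above, as a simplified Python model added here (not code or configuration from the thread): it decides new connections from security levels, translations and ACLs. The security levels, the proxy address and the Internet address are assumptions, since the attached config is not shown.

```python
from dataclasses import dataclass, field

# Assumed security levels; the thread's attached config is not shown.
LEVELS = {"inside": 100, "dmz": 50, "outside": 0}
INSIDE_HOST = "172.17.37.5"   # address from the static in the reply
PROXY = "192.0.2.10"          # constructed placeholder for the DMZ proxy
INTERNET = "198.51.100.7"     # constructed placeholder for an Internet host

@dataclass
class Pix:
    xlates: set = field(default_factory=set)   # interface pairs with a translation
    acls: dict = field(default_factory=dict)   # iface -> [(src, dst, permit)]

    def static(self, hi, lo):
        # A static serves new connections in either direction between the pair.
        self.xlates |= {(hi, lo), (lo, hi)}

    def _acl(self, iface, src, dst):
        # None: no ACL applied. Otherwise first match wins, implicit deny at end.
        if iface not in self.acls:
            return None
        for a_src, a_dst, permit in self.acls[iface]:
            if a_src in ("any", src) and a_dst in ("any", dst):
                return permit
        return False

    def decide(self, src_if, src, dst_if, dst):
        # Verdict for a new connection; replies ride the existing state entry.
        if (src_if, dst_if) not in self.xlates:
            return "drop: no translation"
        verdict = self._acl(src_if, src, dst)
        if verdict is None:
            outbound = LEVELS[src_if] > LEVELS[dst_if]
            return "permit: higher to lower" if outbound else "drop: no ACL for lower to higher"
        return "permit: ACL" if verdict else "drop: ACL"

def reply_config(test_acl=False):
    pix = Pix()
    pix.static("inside", "dmz")    # static (inside,dmz) suggested in the reply
    pix.static("dmz", "outside")   # proxy static to the outside network, per the thread
    if test_acl:
        pix.acls["outside"] = [("any", "any", True)]   # the "permit ip any any" case
    return pix
```

With no ACLs, inside reaches the proxy and the proxy reaches the Internet, while inside to outside has no translation and new inbound connections are dropped; `reply_config(test_acl=True)` shows the test ACL opening the proxy to new connections from outside.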