PIX in Unstructured Network

cco-ahmed · ‎09-26-2005

Recently i join a new company where i find very unstructured network we have three cisco catalyst 2950 one Cisco 2620 router, three 3com 4420 manageable switches and seimens wireless lan (Gigaset SE505 cable/dsl router / bridges) and few un-manageable switches on diffrents location. There is no VLAN working here, Seimens Wireless has no support for vlans, as well as the un-mangable switches have. My task here is to deploy PIX without disturbing the network. we have un-managed ip schemes also, my question is to how to deploy the pixfirewall in such case where if you change the network setting it shutdown all network , kindly give me the best best posible way to deploy pix in such enviornment.

jackko · ‎09-26-2005

pix is always there to secure your network from the internet. assuming the 2620 is the border router, then maybe,

internet <--> 2620 <--> pix <--> lan

if 2620 is an internal router that connects to branch offices via a priavte link, then maybe

internet <--> pix <--> lan <--> 2620 <--> private wan <--> branch office

with the seimens, i would install it at the dmz.

internet <--> pix <--dmz int--> seimens

internet <--> pix <--inside int--> lan

in that case, we can provide internet access for the wlan user without limitation, at the same time securing the private resources by permitting very limited access from wlan to private lan.

whatever you are going to do, deploying a pix will interrupt the existing network service

jackko · ‎10-05-2005

just wondering how you go.