Pix multiple internet access

qvoyles
Level 1

Hi,

Here's my hardware layout:

I've got a Pix 515E UR w/ 6 ports @ ver7.1(2)

I've got two T1 connections to the internet.

Currently I've got the following interfaces: inside(sec level 100), outside(sec 0)(1st T1), dmz(sec 50) and T1(sec 0)(2nd T1).

The inside interface only needs access to dmz and T1.

The DMZ has an email server and I would need to restrict it to only using the outside interface to access the internet.

I've tried to do this in single context mode with no luck keeping the dmz from just accessing the outside interface.

Here's my question: Is this possible in single context and I'm just missing something or should I go to multiple contexts?

Thanks!

2 Replies

Fernando_Meza
Level 7

Why don't you try a "trick"?

Create PAT for devices on the inside network going towards DMZ and T1, i.e.

nat (inside) 1

global (dmz) 1

global (T1) 1

Restrict access from inside hosts to the outside interface by doing PAT using a fake NONROUTABLE address

nat (inside) 1

global (outside) 1

As the NATed IP will be nonroutable on the outside interface, the traffic will fall into a black hole

Post it if you find it helps
