10-09-2010 11:02 AM - edited 03-04-2019 10:02 AM
OK.. so I'm bringing up a PIX cluster and a couple Barracuda Spam Firewalls for email filtering in a colocated space I've rented out. The team installing the equipment was oh so gracious to do the initial configuration on the PIX for me for network connectivity but I'm concerned they aren't following what I want to do:
I have two public IPs for the Barracudas... one for the outside interface of the PIX and one for the DMZ.. the problem is they are all the same subnet (example) 10.1.1.1 Gateway; 10.1.1.2 Outside; 10.1.1.3 Inside; 10.1.1.4 Barracuda; 10.1.1.5 Barracuda..
I know these are private addresses but let's pretend they aren't right now.. They also said that while they share the same three octets that they are in two different networks.
I need public IPs for my Barracudas to make the system work.
I can't get network connectivity.. I can get into the PIX.. but after that I'm having access list issues to the DMZ and routing problems OUT of the DMZ..
Can anyone just give me a simple config that will allow port 80, 443, and 25 into the DMZ to the Barracudas and the correct routing?
They have the PIX set to Routed firewall mode.. which doesn't make sense to me..
All I'm really looking for is the PIX to be a firewall, no NAT or anything special since all my network devices right now will be public IPs.
10-09-2010 01:38 PM
m-jankowski wrote:
OK.. so I'm bringing up a PIX cluster and a couple Barracuda Spam Firewalls for email filtering in a colocated space I've rented out. The team installing the equipment was oh so gracious to do the initial configuration on the PIX for me for network connectivity but I'm concerned they aren't following what I want to do:
I have two public IPs for the Barracudas... one for the outside interface of the PIX and one for the DMZ.. the problem is they are all the same subnet (example) 10.1.1.1 Gateway; 10.1.1.2 Outside; 10.1.1.3 Inside; 10.1.1.4 Barracuda; 10.1.1.5 Barracuda..
I know these are private addresses but let's pretend they aren't right now.. They also said that while they share the same three octets that they are in two different networks.
I need public IPs for my Barracudas to make the system work.
I can't get network connectivity.. I can get into the PIX.. but after that I'm having access list issues to the DMZ and routing problems OUT of the DMZ..
Can anyone just give me a simple config that will allow port 80, 443, and 25 into the DMZ to the Barracudas and the correct routing?
They have the PIX set to Routed firewall mode.. which doesn't make sense to me..
All I'm really looking for is the PIX to be a firewall, no NAT or anything special since all my network devices right now will be public IPs.
If the PIX is in routed mode then they can't assign 10.1.1.2 to the outside and 10.1.1.3 to inside because that won't work. Also if you need the Barracudas on a DMZ and the public subnet assigned to you is not big enough to subnet down then you will have to use NAT, i.e. address the Bs privately and then use the public IPs to NAT them.
It all depends on the size of the public subnet, i.e. the subnet mask assigned to you. In addition, what is on the inside of the PIX, i.e. is it a LAN?
Perhaps if you could post the PIX config - by all means change the public IPs to private IPs but you need to leave in the subnet mask.
Edit - when you say PIX "cluster" are you talking about 2 PIX firewalls in active/standby or active/active failover?
Jon
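Added example (not part of the thread, and not code from either poster): a small Python pre-check of the two points in the reply above, namely that a routed-mode firewall cannot have two interfaces in the same subnet, and that whether the DMZ can use public addresses directly depends on the mask of the assigned block. The /29 and /28 masks, the host counts and the function names are assumptions for illustration; the thread never states the real mask.

```python
import ipaddress

def overlapping_interfaces(interfaces):
    """Return sorted name pairs of routed interfaces whose connected subnets overlap."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def plan_dmz(public_block, outside_hosts, dmz_hosts):
    """Choose between subnetting the public block and NAT for the DMZ.

    outside_hosts: addresses needed on the outside segment (gateway + PIX outside)
    dmz_hosts:     addresses needed on the DMZ segment (PIX DMZ interface + servers)
    """
    block = ipaddress.ip_network(public_block)
    if block.prefixlen < block.max_prefixlen - 1:
        outside, dmz = block.subnets(prefixlen_diff=1)  # split the block in half
        usable = outside.num_addresses - 2  # minus network and broadcast addresses
        if usable >= max(outside_hosts, dmz_hosts):
            # Assumption: the upstream gateway routes the DMZ half to the
            # PIX outside address, otherwise return traffic never arrives.
            return {"mode": "subnet", "outside": outside, "dmz": dmz}
    # Block too small to split: keep it on the outside, address the DMZ
    # privately and map public addresses to the servers with NAT.
    return {"mode": "nat", "outside": block, "dmz": None}

if __name__ == "__main__":
    # Constructed from the example addresses in the question, with an assumed /29 mask.
    as_installed = {"outside": "10.1.1.2/29", "inside": "10.1.1.3/29"}
    print("overlapping interfaces:", overlapping_interfaces(as_installed))
    # Outside needs gateway + PIX; DMZ needs PIX DMZ interface + two Barracudas.
    for block in ("10.1.1.0/29", "10.1.1.0/28"):
        print(block, "->", plan_dmz(block, outside_hosts=2, dmz_hosts=3))
```

With the assumed /29 the halves are /30s with two usable addresses each, which cannot hold the DMZ interface plus two Barracudas, so the result is the NAT case; a /28 splits into two /29s and the Barracudas can keep public addresses.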