Re: pix in transparent mode

carl_townshend · ‎02-28-2007

Hi all, i have some servers at work, on the same subnet as my other servers, i want to restrict traffic to 4 of them using a pix, I just want to restrict subnets, my question is would i need to put the pix in transparent mode? and do i need to put ip addresses on both in and outside interfaces on the pix? and if so how would people reach this as i dont want routing invloved as its on the same subnet!

hope you can help

thanks

Carl

raju · ‎02-28-2007

Hi carl,

PIX does not support Transparent mode.

Rgds

Raju

Jon Marshall · ‎02-28-2007

Hi Raju

The pix does support transparent mode in version 7.0 upwards. So if you have a pix 515E or better running v7.0 you can do this.

Carl

Yes you can use the pix in transparent mode. The pix will have one IP address for management. You do not need to worry about routing as the hosts and servers are on the same subnet.

Attached is a link for v7.0 transparent configuration.

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a00807bf3cc.html#wp1201980

HTH

Jon

carl_townshend · ‎02-28-2007

can i do this with a pix 501 with latest ios?

Jon Marshall · ‎02-28-2007

Carl

Unfortunately no. Pix 501 and Pix 506 do not support v7.0 and transparent firewall functionality is not available in v6.x.

You could look at using vacl's (vlan access-lists) which allow you to resrict traffic between hosts/servers within the same subnet.

HTH

Jon

carl_townshend · ‎03-06-2007

Hi all, how can I filter traffic to these servers then if I do not have one of these firewalls, the servers are on the same subnet? any ideas what I can do here ?