Design Network

s.sousa · ‎07-18-2006

Hi,

i have a pix 515 with 3 ports, Inside/Outside/DMZ.

My outside interface is conected by a switch to 2 routers using HSRP for internet.

Now i want to connect to another site company by a dedicated line.

I was thinking in buying a 4FE for the PIX to connect one port to the new router. My question is ... will i have any problems with this config ??

Thanks

Sergio Sousa

mpalardy · ‎07-18-2006

Hi Sergio,

There wont be any problem adding a 4FE card if the 515 has an Unrestrited (UR) license.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a00800b0d85.html

Just as a suggestion you may also want to take a look on VLAN configuration (requires 6.3 code) for the pix. Your newer site would have a dedicated VLAN replacing a costly dedicated interface on the pix. You would avoid the cost of a new 4FE.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#wp1113411

regards,

Mike

palomoj · ‎07-19-2006

Here are the options I see for this scenario.

1. You could add a 4FE for the PIX and connect the new interface to the new router.

2. You could add a 4FE for the PIX and connect the new interface to the DMZ switch or new extranet switch.

3. You could VLAN your existing DMZ interface and DMZ switch. Connect your new router to the DMZ switch and new VLAN.

I think the question is how much do you want to spend? Do you want to only buy one more device (router)? Or do you want to also buy a 4FE for the PIX which really isn't necessary? You can VLAN the PIX and secure your DMZ switch configuration and make it a secure solution.