01-20-2012 11:26 AM
I'm building a dual firewall solution for Exchange.
Currently, I also have people connecting VPN to the PIX 515E.
Internet ==vpn== 5505 == LAN
Looking to set up
PIX515E ==dmz== Edge server == ASA 5505 == LAN
In a setup like this, which device should I have people connect VPN to? The PIX will be the only device directly connected to the internet. Everything else will be NATted.
01-20-2012 12:11 PM
The PIX 515 for VPN, as you don't want to have a NATted VPN headend. Also, I am not sure why you want:
PIX515E ==dmz== Edge server == ASA 5505 == LAN
Rather than
Internet --------- ASA5505 == Lan
||
DMZ servers
Manish
01-20-2012 12:52 PM
Most of the documentation I've been reading has suggested that
PIX515E ==dmz== Edge server == ASA 5505 == LAN
seems to be the best-practice setup config for Exchange with an edge server.
http://www.netometer.com/blog/?p=70
http://msmvps.com/blogs/ehlo/archive/2007/08/16/1116308.aspx
01-20-2012 02:36 PM
Not sure about these blogs, but I have always seen firewalled networks with either inside/outside or inside/outside/DMZ configurations only (more often inside/outside/DMZ).
I think the inside (100)/outside (0)/DMZ (50) security setting would logically look like a two-firewall design, as lower-to-higher traffic will be scanned against firewall rules etc.
Manish