Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
825
Views
0
Helpful
3
Replies

Which firewall to connect VPN to?

akblackwel
Level 1
Level 1

‎01-20-2012 11:26 AM

I'm building a dual firewall solution for exchange.

Currently, I also have people connecting VPN to the PIX 515E.

Internet ==vpn== 5505 == LAN

Looking to set up

PIX515E ==dmz== Edge server == ASA 5505 == LAN

In a setup like this, which device should I have people connect VPN to? The pix will be the only device directly connected to the internet. Everything else will be natted.

Labels:
0 Helpful
3 Replies 3

manish arora
Level 6
Level 6

‎01-20-2012 12:11 PM

The Pix515 for vpn as you dont want to have NATTED vpn headend. Also, I am not sure why do you want :-

PIX515E ==dmz== Edge server == ASA 5505 == LAN

Rather than

Internet ---------  ASA5505 == Lan

                          ||

                       DMZ servers

Manish

0 Helpful

akblackwel
Level 1
Level 1
In response to manish arora

‎01-20-2012 12:52 PM

Most of the documentation I've been reading has suggested that

PIX515E ==dmz== Edge server == ASA 5505 == LAN

seemsto be the best practices setup config for exchange with an edge server.

http://www.netometer.com/blog/?p=70

http://msmvps.com/blogs/ehlo/archive/2007/08/16/1116308.aspx

0 Helpful

manish arora
Level 6
Level 6
In response to akblackwel

‎01-20-2012 02:36 PM

Not sure about these Blogs , but I have always seen firewalled Network with either Inside/Outside or Inside/outside/DMZ configuration only ( more often inside/outside/dmz ).

I think the inside( 100 )/outside ( 0 )/dmz ( 50 ) security setting would logically look like a Two firewall design as lower to higher traffic will be scaned against Firewall rules etc.

Manish

0 Helpful
Customers Also Viewed These Support Documents