Re: Help with PIX specification

From: Michael J. Pelletier (mjpelletier_at_mjpelletier.com)
Date: 12/10/04


Date: Thu, 09 Dec 2004 17:45:11 -0800

Paul Smith wrote:

> I am currently investigating and preparing tests for a CISCO Pix
> 515E(UR) but am struggling with the literature.
> Given the fact that the PIX is not a router I need to assess whether it
> is capable or not of dealing with our current LAN setup, and the changes
> necessary
> if any so that the configuration would work.
>
> Current Setup
>
> Cisco 2600 with 2 FE ports.
>
> The external FE port has 3 sub interfaces configured.
> F0/0.1 - 172.16.1.1/16 (internet access through ISP proxy)
> F0/0.2 - 195.26.26.26/248 (Direct VPN access external clients)
> F0/0.3 - 195.23.23.23/248 (Direct VPN access extranet)
>
> The internal FE port has 1 address configured and is used to route to
> the different sub interfaces, and is connected to the internal network.
>
> F1/0 - 150.1.60.223/224
>
> There is an additional ADSL connection which is used for VPN access
> backup.
>
> ADSL - 195.57.57.57/248
>
> -----------------------------------------------------------
> 172.16.1.1/16 195.23.23.23/248
> | |
> | 195.26.26.26/248 |
> | | |
> | | |
> F0/0.1--------F0/0.2 ------F0/0.2
> |
> |
> F0/0
> |
> -----------
> |Cisco 2600|
> -----------
> |
> F1/0
> |
> |
> 192.168.26.1/24
> |
> |
> ADSL ----------------- Internal LAN
>
> -----------------------------------------------------------
>
> I would like to ensure that all connections go through the CISCO PIX.
>
>
> -----------------------------------------------------------
> 172.16.1.1/16 195.23.23.23/248
> | |
> | 195.26.26.26/248 |
> | | |
> | | |
> F0/0.1--------F0/0.2 ------F0/0.2
> |
> |
> F0/0
> |
> -----------
> |Cisco 2600|
> -----------
> |
> F1/0
> |
> |
> 192.168.26.1/24
> |
> |
> ADSL -------------------- CISCO PIX
> |
> |
> Internal LAN
>
> -----------------------------------------------------------
>
>
>
> So the questions are:
> Is it possible to enable this configuration in the PIX?
> How many interface cards would be necessary for the configuration?
> Any other advice or recommendations would be welcome.

I think I understand what you are trying to do. I do not understand what
these interfaces are for:

F0/0.2 - 195.26.26.26/248 (Direct VPN access external clients)
F0/0.3 - 195.23.23.23/248 (Direct VPN access extranet)

I take it that F0/0.2 is when your external (via the Internet) clients
connect to your VPN box. Right? What is the other for? Is it for
site-to-site VPN?

Michael


