PIX dual homed for internal routing
- From: edavid3001@xxxxxxxxx
- Date: Thu, 28 Jun 2007 08:35:34 -0700
I have a PIX 515E with 3 NICs. I am not a "Cisco guy" so my
experience is somewhat limited. I have worked with other similar
products from other vendors.
I will be using the PIX to provide VPN access and VPN access only. I
will be placing the VPN outside NIC into my DMZ with a public IP
address.
I have a single address space /28 that makes up my logical DMZ. I
have this split across multiple physical DMZ networks by utilizing
host level routing. The range doesn't really exist as a network
anywhere, if you follow.
I have made a request of my ISP for additional address space, which is
taking a long time.
Each device has a public IP (1.2.3.4) as well as a private IP
(192.168.0.1). My other firewall has routing in place to get to
1.2.3.4 mask 255.255.255.255 via 192.168.0.1 and then to get to
1.2.3.5 mask 255.255.255.255 via 192.168.100.1. And so on. I don't
like this, but this is what I have & it works.
The problem is I can't seem to multihome the PIX and give it both a
private IP and a public IP address. AFAIK the PIX doesn't support
this. Is there any way around this, shy of another router between the
PIX and the DMZ? I was able to stick another router in place and make
this all work the way I want -- except I don't want another physical
router just for this.
I have 3 NICs on the PIX, I really only need two. I want outside in
my DMZ, Inside on my inside, and I really don't need the 3rd. Can I
utilize that 3rd NIC somehow and have the PIX route from it to the
public IP address on the 'OUTSIDE' which doesn't plug into a real
logical network? So far all attempts fail with "no route to /
dmzsourceip/ from /outside/" as if the PIX was accepting the traffic
on the 3rd NIC, but sending the response from the outside NIC.