khaledeshah
ISP
I have a PIX 515E, with 3 interfaces, 2 of them are used, I want to use the third interface with different IP & subnet from the other two interfaces, how can I route the traffic to reach this 3rd interface.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Can I use it like this ??
- Thread starter khaledeshah
- Start date
- Status
Yes, that's how you must use it.
You probably have an "inside" and "outside" interface. Name the third one "dmz" or something and give it a security level between the other two.
To route traffic from this interface to the inside, you'll need access lists and NAT just as if it was an outside interface. It might be appropriate to statically nat all of your inside addresses rather than using global nat.
The same traffic rules which apply to inside->outside and vice-versa apply to inside->dmz, and to dmz->outside. For example, traffic will be generally allowed from dmz to outside, but not from dmz to inside without ACLs and NAT. Same for outside->dmz.
You probably have an "inside" and "outside" interface. Name the third one "dmz" or something and give it a security level between the other two.
To route traffic from this interface to the inside, you'll need access lists and NAT just as if it was an outside interface. It might be appropriate to statically nat all of your inside addresses rather than using global nat.
The same traffic rules which apply to inside->outside and vice-versa apply to inside->dmz, and to dmz->outside. For example, traffic will be generally allowed from dmz to outside, but not from dmz to inside without ACLs and NAT. Same for outside->dmz.
- Status
Similar threads
- Locked
- Question