Cisco - PIX 506E config question

07-06-2006, 10:42 PM

Hi All,

I'm looking to secure a webserver on a DMZ with a PIX 506E. I want to isolate the webserver from my home LAN and for both the webserver and LAN to receive and send traffic from the internet through the PIX. I also need very tight control of the traffic between the DMZ and the home LAN.

Do I need a VLAN enabled switch behind the PIX to achieve this? If so, is there any recommendation on the type of switch I should use. Is it a reasonable idea to set up the DMZ on a VLAN off this switch?

Am I barking up the wrong tree completely or is this setup reasonable?

Thanks in advance
Pat

patnliz

keshav · 07-08-2006, 07:02 AM

If it is for SOHO purpose ,you can use only 1 switch cisco switch preferably and configure multiple vlans for different zones and configure the same in pix.

Through access-lists , static nat & Pat , default route you can control what you want.

Btw what is your internet connection ? cable modem ? dsl ? leased line ?

patnliz · 07-08-2006, 06:56 PM

Hi Keshav,

Thanks for replying.

The setup is for SOHO only. My internet connection is ADSL and I understand this has a low upload bandwidth which will determine the performance of the website. Are there other issues with it being ADSL?

I intend getting some second hand Cisco kit to go through the technical excercise of setting this up and securing it properly. BTW, I've not tried this type of thing before.

The PIX looked like a good option to me because of its 2nd hand prrice, its VLAN capability and the possibility that I could isolate the DMZ on it.

ethernet adsl modem --> PIX --> Cisco Switch.

I think the setup is for a VLAN off the switch for the DMZ and a subnet (or VLAN) off the switch for my home LAN. I understand I have to do some config of the PIX to achieve this, and possibley the switch as well.

I currently have an Alcatel wireless dsl router which currently works fine but I need some practise with cisco kit.

Does the PIX have 1 output ethernet port only?
Any recommendations about the switch, like the Cisco type and model, so I can read up about it to make sure I understand what it can do?

As I'm new to this, is there a book/web resource I can have a read of to better understand what you are suggesting along the way?

Thanks again for the help, I can post a JPEG picture of what I'm after if you like?

As I say, I want to learn a lot more about Cisco kit.

Thanks
Pat

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

07-06-2006, 10:42 PM	#1
	PIX 506E config question Hi All, I'm looking to secure a webserver on a DMZ with a PIX 506E. I want to isolate the webserver from my home LAN and for both the webserver and LAN to receive and send traffic from the internet through the PIX. I also need very tight control of the traffic between the DMZ and the home LAN. Do I need a VLAN enabled switch behind the PIX to achieve this? If so, is there any recommendation on the type of switch I should use. Is it a reasonable idea to set up the DMZ on a VLAN off this switch? Am I barking up the wrong tree completely or is this setup reasonable? Thanks in advance Pat patnliz

07-08-2006, 07:02 AM	#2
keshav Junior Member Join Date: Jun 2006 Posts: 15	If it is for SOHO purpose ,you can use only 1 switch cisco switch preferably and configure multiple vlans for different zones and configure the same in pix. Through access-lists , static nat & Pat , default route you can control what you want. Btw what is your internet connection ? cable modem ? dsl ? leased line ?

07-08-2006, 06:56 PM	#3
patnliz Junior Member Join Date: Jun 2006 Posts: 4	Hi Keshav, Thanks for replying. The setup is for SOHO only. My internet connection is ADSL and I understand this has a low upload bandwidth which will determine the performance of the website. Are there other issues with it being ADSL? I intend getting some second hand Cisco kit to go through the technical excercise of setting this up and securing it properly. BTW, I've not tried this type of thing before. The PIX looked like a good option to me because of its 2nd hand prrice, its VLAN capability and the possibility that I could isolate the DMZ on it. ethernet adsl modem --> PIX --> Cisco Switch. I think the setup is for a VLAN off the switch for the DMZ and a subnet (or VLAN) off the switch for my home LAN. I understand I have to do some config of the PIX to achieve this, and possibley the switch as well. I currently have an Alcatel wireless dsl router which currently works fine but I need some practise with cisco kit. Does the PIX have 1 output ethernet port only? Any recommendations about the switch, like the Cisco type and model, so I can read up about it to make sure I understand what it can do? As I'm new to this, is there a book/web resource I can have a read of to better understand what you are suggesting along the way? Thanks again for the help, I can post a JPEG picture of what I'm after if you like? As I say, I want to learn a lot more about Cisco kit. Thanks Pat