Connecting two Cisco PIX 515 as per following Picture

Discussion in 'Cisco' started by djjase, Mar 1, 2006.

  1. djjase

    djjase Guest

    djjase, Mar 1, 2006
    #1

  2. "djjase" <> wrote in message
    news:...
    > Hi,
    >
    > I would like to be able to set up a network as per this picture.
    >
    > (1) Is it possible ?

    yes it is


    > (2) How do I set up config for PCs in inside of FW1 to inside of FW2
    > etc ?


    Do you need inside-to-inside access, or do you need access to other segments
    as well?
    The best way is to create a LAN-to-LAN tunnel between the two PIX firewalls.

    HTH
    Martin Bilgrav

    >
    > http://i38.photobucket.com/albums/e134/djjase/firewall.jpg
    >
    Martin Bilgrav, Mar 1, 2006
    #2

  3. mcaissie

    mcaissie Guest

    You can also do

    -- left firewall

    static (inside,DMZ2) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
    route DMZ2 192.168.1.0 255.255.255.0 192.168.2.5

    -- right firewall

    static (inside,DMZ1) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
    route DMZ1 192.168.0.0 255.255.255.0 192.168.2.1

    then proper access-list filtering



    mcaissie, Mar 1, 2006
    #3
  4. djjase

    djjase Guest

    Hi, thank you for the information. There will be a need to be able to
    access different segments with certain ports.
    For example:

    (1) Need to be able to SSH from Internet to 192.168.4.6 on DMZ 4, and
    Inside (192.168.1.0) of FW2 (right hand)
    (2) Most of the data that needs to go between the two is all internet
    based, i.e. a PC inside FW1 connects to web server in DMZ3 on FW2 and
    Admin Server inside FW2
    (3) The servers in DMZ3 and Inside of FW2 talk to each other via
    certain ports
    djjase, Mar 2, 2006
    #4
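
The "proper access-list filtering" step from post #3, applied to the FW1-inside-to-Admin-Server flow in requirement (2) of post #4, as an added example that is not part of the thread. Assumptions: PIX 6.x syntax, an Admin Server address of 192.168.1.10 (placeholder), web ports 80/443, and a hypothetical list name `dmz1_in`; the interface name and subnets come from post #3.

```cisco
: Added example, not from the thread. Right firewall (FW2), PIX 6.x syntax.
: Assumed values: Admin Server 192.168.1.10 (placeholder), web ports 80/443,
: access-list name dmz1_in. Interface DMZ1 and subnets are from post #3.

: Identity static and return route from post #3
static (inside,DMZ1) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
route DMZ1 192.168.0.0 255.255.255.0 192.168.2.1

: Too broad, shown commented out for contrast: every inside host of FW2
: would be reachable on every protocol from FW1's inside LAN
: access-list dmz1_in permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0

: Restricted: FW1 inside PCs may reach only the Admin Server, web ports only
access-list dmz1_in permit tcp 192.168.0.0 255.255.255.0 host 192.168.1.10 eq www
access-list dmz1_in permit tcp 192.168.0.0 255.255.255.0 host 192.168.1.10 eq 443

: Explicit final deny so dropped traffic shows up in the hit counters
access-list dmz1_in deny ip any any

: Bind the list to traffic arriving on the DMZ1 interface
access-group dmz1_in in interface DMZ1
```

Once a list is bound inbound on DMZ1, everything arriving on that interface that is not explicitly permitted is dropped, including flows that previously passed on security level alone, so each port pair from requirements (1) and (3) needs its own permit line on the interface where that traffic enters.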