DMZ with Redundant Pix 525's

Discussion in 'Cisco' started by Newbie72, Jul 27, 2006.

  1. Newbie72

    Newbie72 Guest

    Our company currently has 2 Cisco Pix 525 configured redundantly via
    cisco cable. We are going to start hosting our own Web site within the
    next month. One of the things I wanted to do was create a dmz area
    using the Cisco PIX's. I imagine the easiest way would be to connect
    both ethernet interfaces on the pix to an unmanaged switch so if one
    went down the other would still be able to communicate to the server.
    The unfortunate scenario would be if the switch went down, well, then we
    are out of luck.

    Is there a better way?

    thanks,

    Steven Johnson
     
    Newbie72, Jul 27, 2006
    #1

  2. "Newbie72" <> wrote in message
    news:...
    > Our company currently has 2 Cisco Pix 525 configured redundantly via
    > cisco cable. We are going to start hosting our own Web site within the
    > next month. One of the things I wanted to do was create a dmz area
    > using the Cisco PIX's. I imagine the easiest way would be to connect
    > both ethernet interfaces on the pix to an unmanaged switch so if one
    > went down the other would still be able to communicate to the server.


    > The unfortunate scenario would be if the switch went down, well, then we
    > are out of luck.


    or the internet link went down ...
    or the power to the PIX's - sounds like you have both PIX's closely
    together, since you are using FO cable.
    Consider a LAN Based FO.
    Read the Cisco guidelines for FO fundamentals - this will give you the
    answers.
    I would not have an unmanaged switch at all.
    Get a switch that at least can do Private VLANs (port protected) in the DMZ -
    This is urgent!
    Remember to have an ACL assigned to the DMZ interface as well - This is urgent!

    HTH
    Martin Bilgrav

    >
    > Is there a better way?
    >
    > thanks,
    >
    > Steven Johnson
    >
     
    Martin Bilgrav, Jul 27, 2006
    #2
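
One way to check the reply's ACL advice against a saved firewall configuration, as an added example that is not part of the thread. It assumes PIX 6.x-style `nameif`, `access-list` and `access-group` lines; the sample configuration, addresses and ACL names are constructed.

```python
import re

# Constructed PIX 6.x-style fragment (not from the thread): dmz_in is
# written but never bound to the dmz interface with access-group.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-list dmz_in deny ip any 10.0.0.0 255.0.0.0
access-list dmz_in permit tcp host 192.168.50.10 any eq domain
access-group outside_in in interface outside
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security\d+$")
ACCESS_LIST = re.compile(r"^access-list\s+(\S+)\s+(?:permit|deny)\b")
ACCESS_GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")


def audit_interface_acls(config_text):
    """Report interfaces with no inbound ACL and ACLs that are unused or empty."""
    interfaces, defined, bound = [], set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := NAMEIF.match(line):
            interfaces.append(m.group(1))       # logical interface name
        elif m := ACCESS_LIST.match(line):
            defined.add(m.group(1))             # ACL has at least one entry
        elif m := ACCESS_GROUP.match(line):
            bound[m.group(2)] = m.group(1)      # interface -> inbound ACL
    return {
        "unbound_interfaces": sorted(i for i in interfaces if i not in bound),
        "unused_acls": sorted(defined - set(bound.values())),
        "empty_bound_acls": sorted(a for a in bound.values() if a not in defined),
    }


if __name__ == "__main__":
    for finding, names in audit_interface_acls(SAMPLE_CONFIG).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```

The `inside` interface is reported as well; whether it needs an inbound ACL is a policy decision, while the `dmz` finding is the case the reply is about.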