Create DMZ with PIX 501

  • Create DMZ with PIX 501

    I am trying to create a DMZ zone with a PIX 501 firewall and a Netgear switch. I have Verizon FIOS with one public IP address. The outside interface of the firewall is connected to the FIOS demarc and the inside interface has a LAN address range of 192.168.1.x 255.255.255.0.
    ip address outside 1.1.1.1 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    The Netgear switch (actually it's a wireless router, but I'm only using it as a switch) is connected to the firewall inside LAN port. The Netgear IP range is 10.10.111.x 255.255.255.0. What I would like to do is have a web server on the Netgear (DMZ) switch with an IP address of 10.10.111.10.

  • #2
    Re: Create DMZ with PIX 501

    Originally posted by Michael19ave
    I am trying to create a DMZ zone with a PIX 501 firewall and a Netgear switch. I have Verizon FIOS with one public IP address. The outside interface of the firewall is connected to the FIOS demarc and the inside interface has a LAN address range of 192.168.1.x 255.255.255.0.
    ip address outside 1.1.1.1 255.255.255.0
    ip address inside 192.168.1.1 255.255.255.0
    The Netgear switch (actually it's a wireless router, but I'm only using it as a switch) is connected to the firewall inside LAN port. The Netgear IP range is 10.10.111.x 255.255.255.0. What I would like to do is have a web server on the Netgear (DMZ) switch with an IP address of 10.10.111.10.
    The PIX 501 only supports two interfaces, Inside and Outside. No DMZ. Although the PIX 501 has 4 inside interfaces, the PIX 501 OS treats them as one.
    With the PIX 501, you have to create a static route to your Netgear switch, then create some access rules and NAT tables.

    Now your description is not really clear, but I bet you have the Netgear WAN port connected to the inside port of the PIX. Therefore you're using the Netgear as an inside router.

    If this is the case, your config should look like this:

    access-list acl_outside permit tcp any host 1.1.1.1 eq www
    access-group acl_outside in interface outside
    static (inside,outside) tcp interface www 10.10.111.10 www netmask 255.255.255.255
    route inside 10.10.111.0 255.255.255.0 192.168.1.X (X being the address of the Netgear WAN port in the 192.168.1.0 subnet)

    Now a simpler way is to connect the Netgear inside LAN ports to the PIX inside LAN ports, disable the Netgear's DHCP, and put everything on one network, 192.168.1.0/24. You may need a crossover cable for the switch-to-switch link, depending on the Netgear.

    If you did that, your config would look like this (192.168.1.10 being the web server):

    access-list acl_outside permit tcp any host 1.1.1.1 eq www
    access-group acl_outside in interface outside
    static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255

    Cheers

    Andre
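The reply above hinges on three things lining up on a PIX 501 running 6.x software: the access-list is only in effect once access-group binds it to the outside interface, an inbound ACL on outside is matched against the mapped (outside/global) address rather than the real inside host, and the static's real address must be on the inside subnet or covered by a route inside entry. The script below is an added example, not code from the thread or from Cisco; it checks those three conditions over two constructed config fragments (the flat-network variant as it should read, and the routed-Netgear variant with the original access-list/access-group slip and real-address ACL left in). The gateway 192.168.1.2 stands in for the Netgear WAN address the post leaves as 192.168.1.X and is an assumption.

```python
"""Consistency checks for a PIX 6.x port-forward (static + ACL + route) config.

Constructed example; not the thread's or Cisco's code.  Parses only the five
command types the checks need and reports where they fail to line up.
"""
import ipaddress

# Constructed sample: the flat 192.168.1.0/24 variant, as it should read.
GOOD_CONFIG = """
ip address outside 1.1.1.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
access-list acl_outside permit tcp any host 1.1.1.1 eq www
access-group acl_outside in interface outside
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255
"""

# Constructed sample: the routed-Netgear variant with two defects to catch:
# the ACL is never bound (access-list where access-group belongs) and it
# permits the real address instead of the mapped one.  192.168.1.2 is an
# assumed address for the Netgear WAN port.
BAD_CONFIG = """
ip address outside 1.1.1.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
access-list acl_outside permit tcp any host 10.10.111.10 eq www
access-list acl_outside in interface outside
static (inside,outside) tcp interface www 10.10.111.10 www netmask 255.255.255.255
route inside 10.10.111.0 255.255.255.0 192.168.1.2
"""

PORT_NAMES = {"www": 80, "http": 80, "https": 443, "ssh": 22, "smtp": 25}


def port(tok):
    """Resolve a PIX port keyword or number to an integer."""
    return PORT_NAMES.get(tok) or int(tok)


def parse(text):
    """Extract interfaces, ACL entries, ACL bindings, statics and routes."""
    cfg = {"ifaces": {}, "acls": {}, "bound": {}, "statics": [], "routes": []}
    for line in text.splitlines():
        t = line.split()
        if len(t) >= 5 and t[:2] == ["ip", "address"]:
            cfg["ifaces"][t[2]] = ipaddress.ip_interface(f"{t[3]}/{t[4]}")
        elif len(t) >= 9 and t[0] == "access-list" and t[2] == "permit":
            # access-list NAME permit PROTO any host DST eq PORT
            cfg["acls"].setdefault(t[1], []).append((t[3], t[6], port(t[8])))
        elif len(t) >= 5 and t[0] == "access-group":
            cfg["bound"][t[4]] = t[1]  # interface -> bound ACL name
        elif len(t) >= 7 and t[0] == "static":
            # static (REAL_IF,MAPPED_IF) PROTO MAPPED MPORT REAL RPORT netmask ...
            real_if, mapped_if = t[1].strip("()").split(",")
            cfg["statics"].append({"real_if": real_if, "mapped_if": mapped_if,
                                   "proto": t[2], "mapped": t[3], "mport": port(t[4]),
                                   "real": t[5], "rport": port(t[6])})
        elif len(t) >= 5 and t[0] == "route":
            cfg["routes"].append((t[1], ipaddress.ip_network(f"{t[2]}/{t[3]}")))
    return cfg


def mapped_ip(cfg, s):
    """'interface' in a static means the address of the mapped interface."""
    return str(cfg["ifaces"][s["mapped_if"]].ip) if s["mapped"] == "interface" else s["mapped"]


def check(text):
    """Return a list of findings; an empty list means the pieces line up."""
    cfg = parse(text)
    findings = []
    for name in cfg["acls"]:
        if name not in cfg["bound"].values():
            findings.append(f"acl {name} is defined but never applied with access-group")
    for iface, name in cfg["bound"].items():
        for proto, dst, dport in cfg["acls"].get(name, []):
            if not any(s["mapped_if"] == iface and s["proto"] == proto
                       and mapped_ip(cfg, s) == dst and s["mport"] == dport
                       for s in cfg["statics"]):
                findings.append(f"acl {name} permits {proto}/{dport} to {dst} "
                                f"but no static maps that address on {iface}")
    for s in cfg["statics"]:
        real = ipaddress.ip_address(s["real"])
        net = cfg["ifaces"].get(s["real_if"])
        on_link = net is not None and real in net.network
        routed = any(rif == s["real_if"] and real in rnet for rif, rnet in cfg["routes"])
        if not (on_link or routed):
            findings.append(f"static real address {s['real']} is neither on "
                            f"{s['real_if']} nor covered by a route {s['real_if']} entry")
        for name, entries in cfg["acls"].items():
            if any(dst == s["real"] for _, dst, _ in entries) and s["real"] != mapped_ip(cfg, s):
                findings.append(f"acl {name} names real address {s['real']}; PIX 6.x "
                                f"matches inbound ACLs on the mapped address {mapped_ip(cfg, s)}")
    return findings


if __name__ == "__main__":
    for label, text in (("flat network", GOOD_CONFIG), ("routed Netgear", BAD_CONFIG)):
        print(f"{label}: {check(text) or ['ok']}")
```

Run stand-alone it prints no findings for the flat-network fragment and two for the routed one (unbound ACL, real address in the ACL); dropping the route inside line from the second fragment adds a third finding, which is the case the reply's static route is there to prevent.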
