Configuring PIX Firewall
on 27.09.2006 23:15:41 by John Dailey
Hello,
I'm having to configure a PIX 515e firewall that's on our network, but
know very little about networking. A 'show version' results in:
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(2)
We have a block of addresses that I would like to share between the DMZ
and Internal interfaces, with the PIX inspecting packets on the way.
Here's an example:
We're provided a network segment 1.2.3.128/255.255.255.128 with
1.2.3.129 as the gateway to the rest of the world.
I'd like to divvy up 1.2.3.130-254 between the internal and DMZ, but it
seems like the best I can do is give 32 addresses to the DMZ and 64 to
the internal, and then the other 32 are wasted on the outside interface.
I don't want to waste those extra addresses, but we want everything
behind the firewall.
Surely there's a way to do this? It seems like it should be a very
common scenario. The only vaguely workable solution I've found is to do
192.168.x.x networks on inside and DMZ and then do static maps between
the addresses. But that is a configuration nightmare for us because DNS
is completely broken for our machines that need to access our other
machines.
Any help is greatly appreciated.
-John Dailey