TOPIC: Pix 506e and DMZ

Pix 506e and DMZ 9 years 10 months ago #19262

  • Okie
I need to put an FTP server in a DMZ using a Pix 506e. Can someone point me to some configuration examples? The 506e has only 2 physical interfaces, so the DMZ will have to be on a VLAN, but most examples I have seen were written for PIXes with additional physical interfaces. I am having trouble wrapping my feeble mind around the concept. Thanks.

Re: Pix 506e and DMZ 9 years 10 months ago #19716

  • danherbon
I'm looking for the same information. I am trying to move a test webserver into the DMZ on a 506E as well.

Re: Pix 506e and DMZ 9 years 10 months ago #19720

  • Smurf
Sorry, but I have not tried this before. Apart from setting this up using two firewalls and creating a DMZ between them, the only other thing is to configure it using an 802.1q trunk to send two VLANs over to a VLAN switch.

This way you can segment the traffic into two VLANs and route the traffic in this manner using virtual interfaces. Sorry, I have not tried this config though; maybe someone else can advise on the steps.

I have pulled this off Cisco's site, which supports my idea:
"VLAN-based virtual interfaces:

· Provides increased flexibility when defining security policies and eases overall integration into switched network environments by supporting the creation of logical interfaces based on IEEE 802.1q VLAN tags, and the creation of security policies based on these virtual interfaces
· Supports multiple virtual interfaces on a single physical interface through VLAN trunking, with support for multiple VLAN trunks per Cisco PIX Security Appliance
· Supports up to 2 VLANs on a Cisco PIX 506E Security Appliance, providing a low-cost DMZ-enabled security solution that enables businesses to securely host Web servers, e-mail servers, and other services with the Internet or extranet environments"
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Pix 506e and DMZ 9 years 9 months ago #20100

  • danherbon
With the help of d_jabsd, this is what we came up with. I did some preliminary testing over the weekend and everything seemed to function. Hopefully I'll be able to test more and roll it out live.

1. PIX506E going into Port 19 on the 2950. Port 19 has been set up as a trunk link.

2. I then created two VLANs on the 2950. VLAN 10, 192.168.1.0, where my workstation is and VLAN 20, 10.10.100.0, where my test web server is.

3. On the PIX, I had two interfaces listed: Inside and Outside. Inside was set to 192.168.1.1. I assigned a VLAN ID of 10 to this interface to coincide with VLAN 10 on the 2950.

4. Then I created another interface on the PIX named DMZ with a parent of ethernet1, a security level of 50, and an IP of 10.10.100.1. I assigned it a VLAN ID of 20.

From there I ran out of time, but everything seemed to function. Hopefully later this week I'll be able to play around more with the ACLs and statics to get it fully working.
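
The four steps above written out as device configuration, followed by the statics and ACL needed to publish a DMZ web server. This is an added example, not configuration posted by anyone in the thread. It assumes PIX OS 6.3 command syntax, /24 masks on both subnets, and the 2950 port being FastEthernet0/19; the server address 10.10.100.10 and public address 203.0.113.10 are constructed placeholders.

```cisco
! ---- Catalyst 2950 (steps 1 and 2) ----
vlan 10
 name INSIDE
vlan 20
 name DMZ
!
interface FastEthernet0/19
 description Trunk to PIX 506E ethernet1
 switchport mode trunk
 ! Carry only the two firewall VLANs on this trunk
 switchport trunk allowed vlan 10,20
 ! The PIX tags both VLANs, so neither 10 nor 20 may be the
 ! trunk's native (untagged) VLAN; the default native VLAN 1 is fine
!
: ---- PIX 506E (steps 3 and 4), PIX OS 6.3 syntax assumed ----
interface ethernet0 auto
interface ethernet1 auto
: Tag the existing inside interface with VLAN 10
interface ethernet1 vlan10 physical
: Add VLAN 20 as a logical interface on the same physical port
interface ethernet1 vlan20 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan20 dmz security50
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 10.10.100.1 255.255.255.0
:
: ---- Statics and ACLs (the part left for later in the post) ----
: inside -> dmz: identity static so inside hosts reach the DMZ untranslated
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
: outside -> dmz: publish the web server (placeholder addresses)
static (dmz,outside) 203.0.113.10 10.10.100.10 netmask 255.255.255.255
access-list outside_in permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
: No access-list is bound to the dmz interface and none permits
: dmz -> inside, so a compromised DMZ host cannot open connections
: to 192.168.1.0/24 (security50 -> security100 is denied by default)
```

Running `show interface` and `show nameif` on the PIX confirms that vlan20 is up and carries the dmz name and security level before any statics are added.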