PIX and VIPs

• Next message: Jason Lewis: "RE: PIX and VIPs"
• Previous message: Jared Mauch: "Re: [nsp] call completion on as5300"
• Next in thread: Jason Lewis: "RE: PIX and VIPs"
• Reply: Jason Lewis: "RE: PIX and VIPs"
• Reply: Christopher Neill: "Re: PIX and VIPs"
• Reply: Nimesh vakharia: "Re: PIX and VIPs"
• Maybe reply: Karyn Ulriksen: "RE: PIX and VIPs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

I've been using PIX for pretty straight forward 2 interface with or without
NAT to multiple servers for a while. I think that the PIX can also do the
following scenario, but not sure. Can someone confirm?

    ethernet0
    outside [1.1.1.2/24]----\
    global [64.1.x.x/28] \ ethernet1
    global [64.2.x.x/27] -- inside [10.1.1.1/16]
    global [64.3.x.x/29] /
    global [64.4.x.x/29]----/

The goal is to permit virtual IP addresses on servers inside the firewall.
If it makes sense, I would like to elimate NAT and use ipforwarding to route
subnets to primary interfaces behind the firewall.

I have been told that PIXs can only handle one subnet behind a firewall per
inside NIC. However, I have seen diagrams with routers behind the firewall
which leads me to believe that I can forward subnets to a routing device
(such as a router or server loaded with VIPs). Can I still set up conduits
for the VIPs (ie 64.2.x.x/27 forwarded to server x)?

Karyn

• Next message: Jason Lewis: "RE: PIX and VIPs"
• Previous message: Jared Mauch: "Re: [nsp] call completion on as5300"
• Next in thread: Jason Lewis: "RE: PIX and VIPs"
• Reply: Jason Lewis: "RE: PIX and VIPs"
• Reply: Christopher Neill: "Re: PIX and VIPs"
• Reply: Nimesh vakharia: "Re: PIX and VIPs"
• Maybe reply: Karyn Ulriksen: "RE: PIX and VIPs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:39 EDT