Security Basics mailing list archives

RE: PIX help-- DMZ to DMZ using outside addresses
From: "Keith Anderson" <keith () purescience com>
Date: Fri, 5 Dec 2003 13:42:57 -0700

Just as a follow-up, the solution was to use non-Internet routable addresses
between the PIX and the router.  Before, packets destined to the outside
interface would get ignored by the router because they were assumed to be
destined for a device on that domain.  Now that it has a different IP class,
the router redirects those packets back to the PIX, and communication using
the Internet addresses works on all interfaces.

Seems obvious now that it was pointed out to me.  More evidence that I need
a vacation.

Thanks to everyone that sent advice on this problem.

This one is driving me crazy.  I've got a client with a PIX 520, four
interfaces, with the following configuration:

  Interface 0, the "outside" with public IP address 1.1.1.x (not their actual address range)
     connected to a Cisco 3640 router, T1 to the Internet, router address

  Interface 1, the "inside", the executives (about 10 workstations)
     several Cisco Catalyst switches, all layer 2

  Interface 2, the DMZ with two servers ( and
     one Cisco Catalyst switch

  Interface 3, the "inside2", the rest of the company (about 60
     several Cisco Catalyst switches, all layer 2

