Firewall Wizards mailing list archives

R: PIX DMZ inter-access via outside IP address
From: "edp" <edp.lists () acerbis it>
Date: Thu, 11 Dec 2003 17:47:52 +0100

> The solution was to use non-Internet
> routable addresses between the PIX and the router.


Solution suggested to me in the past, but very problematic if you use
the PIX also as VPN/IPsec public termination device, thus requiring a
public IP address.

In a scenario similar to that depicted by you, my quick and dirty
workaround was to configure two IP addresses for each DMZ machine (the
internal private one and another IP corresponding to the public one) so
the servers were able to communicate without routing tricks with both
addresses.

However, when possible and when communication without using name
resolution isn't mandatory, I tend to use a DNS split-horizon solution.


.FT




_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

