Subject: Configuring PIX Firewall
Posted by: John Dailey (dail…@vinestechnology.net)
Date: Wed, 27 Sep 2006

I'm having to configure a PIX 515e firewall that's on our network, but
know very little about networking. A 'show version' results in:
Cisco PIX Firewall Version 6.3(4)
Cisco PIX Device Manager Version 3.0(2)
We have a block of addresses that I would like to share between the DMZ
and Internal interfaces, with the PIX inspecting packets on the way.
Here's an example:
We're provided a network segment 22.214.171.124/255.255.255.128 with
126.96.36.199 as the gateway to the rest of the world.
I'd like to divvy up 188.8.131.52-254 between the internal and dmz, but it
seems like the best I can do is give 32 addresses to the dmz and 64 to
the internal, and then the other 32 are wasted on the outside interface.
I don't want to waste those extra addresses, but we want everything
behind the firewall.
Surely there's a way to do this? It seems like it should be a very
common scenario. The only vaguely workable solution I've found is to do
192.168.x.x networks on inside and dmz and then do static maps between
the addresses. But that is a configuration nightmare for us because DNS
is completely broken for our machines that need to access other of our
Any help is greatly appreciated.