Configure Cisco Pix 515 with DMZ and no NAT

Posted by Rickard on Server Fault
Published on 2012-12-10T17:44:28Z Indexed on 2012/12/10 23:06 UTC

I hope that someone could shed some light on my situation, as I am fairly new to PIX configurations.

I will be getting a new net for my department, which I am going to configure. At hand, I have a Cisco PIX 515 (not E), a Cisco 2948 switch (and if needed, I can bring up a 2621XM router, but this is my private one and not owned by my dept.).

The network I will be getting is the following:

10.12.33.0/26

Link net between the ISP routers and my network will be 10.12.32.0/29 where GW is .1 and HSRP routers are .2 and .3

The ISP has asked me not to NAT the addresses on my side, as they will set it up to give 10.12.33.2 as a one-to-one NAT to a public IP. The rest of the IPs will be a many-to-one NAT to another public IP.

10.12.33.2 is supposed to be my server placed on the DMZ, the rest of the IPs will be used for my clients and the AD server (which is currently also acting as a DHCP server in the old network config with another ISP).

Now, the question is, how would I best configure this? I mean, am I thinking wrong here? I am expected to put the PIX first from the ISP outlet, then the switch which will connect my clients. But with the ISP routers being on a different network, how will the firewall forward the packets to the other network? It's a firewall, not a router.

I have actually never configured a PIX before, and fortunately, this is more like a lab network, not a production network, so if something goes wrong it's not the end of the world, even if annoying.

I am not asking for a full configuration from anyone, just some directions, or possibly some links which will give me some hints.

Thank you very much!

© Server Fault or respective owner
