GroupStudy.com - A virtual community of network engineers
RE: design issues, suggestions please. [7:70337] posted 06/08/2003


How about adding a third interface to each PIX? Use that for the DMZ and
connect both PIXes for failover.

Internet---Router1--switch---PIX1-----------switch---Router2
                       |        |              | 
                       |      switch--DMZ      |
                       |        |              |
                       |-------PIX2------------| 
> -----Original Message-----
> From: Christian Purnomo [mailto:cpurn@xxxxxxxxx]
> Sent: Sunday, June 08, 2003 9:38 AM
> To: cisco@xxxxxxxxxxxxxx
> Subject: design issues, suggestions please. [7:70337]
> 
> 
> Hi all
> 
> I have 3 x 2621 routers and 2 x 515 pixes.  The setup I am currently
> running is as follows:
> 
>   Internet --- Router1 --- PIX1 --- DMZ --- PIX2 --- Router2 --- LAN
> 
> Both routers and both PIXes are running full access-lists to protect the
> inside interface.
> 
> I have another design in mind which is:
> 
> Internet --- Router1 --- PIX1 --- Router2 --- LAN
>                                       |
>                                       |
>                                     Router3
>                                       |
>                                       |
>                                      DMZ
> 
> 
> I prefer this design, in which I can use the other pix for failover, and
> I can still run access-lists on both Router2 and Router3.
> 
> Is the second one a better design? I can't see much point in running 2
> pixes of the same model as in the first diagram.  I would agree more with
> having dual firewalls in diagram 1 if the second firewall were a different
> firewall product.
> 
> Does anyone have any comment on this?
> 
> Thanks.
> 
> Christian.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70361&t=70337
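
Added example, not part of the original messages: a Python model of the three diagrams in this thread that reports which PIX units a DMZ-to-LAN flow crosses and which devices are single points of failure between the Internet and the LAN. The design names, the switch names and the LAN behind Router2 in the reply's diagram are assumptions, and the failover pair is modelled as two parallel paths.

```python
from collections import deque

# Links transcribed from the thread's three diagrams. Constructed details:
# the design names, the switch names, and the LAN behind Router2 in the reply.
DESIGNS = {
    "current": [("Internet", "Router1"), ("Router1", "PIX1"), ("PIX1", "DMZ"),
                ("DMZ", "PIX2"), ("PIX2", "Router2"), ("Router2", "LAN")],
    "router3_dmz": [("Internet", "Router1"), ("Router1", "PIX1"),
                    ("PIX1", "Router2"), ("Router2", "LAN"),
                    ("Router2", "Router3"), ("Router3", "DMZ")],
    "three_leg_failover": [("Internet", "Router1"), ("Router1", "sw_out"),
                           ("sw_out", "PIX1"), ("sw_out", "PIX2"),
                           ("PIX1", "sw_dmz"), ("PIX2", "sw_dmz"), ("sw_dmz", "DMZ"),
                           ("PIX1", "sw_in"), ("PIX2", "sw_in"),
                           ("sw_in", "Router2"), ("Router2", "LAN")],
}

def path(edges, src, dst, down=None):
    """Shortest src->dst path by BFS, skipping failed node `down`; None if cut off."""
    adj = {}
    for a, b in edges:
        if down not in (a, b):
            adj.setdefault(a, []).append(b)
            adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            hops = []
            while node is not None:
                hops.append(node)
                node = prev[node]
            return hops[::-1]
        for nxt in sorted(adj.get(node, [])):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def firewalls_on_path(edges, src, dst):
    """PIX units a flow crosses; an empty list means only router ACLs filter it."""
    return [n for n in path(edges, src, dst) if n.startswith("PIX")]

def single_points_of_failure(edges, src, dst):
    """Devices whose loss alone disconnects src from dst."""
    nodes = {n for link in edges for n in link} - {src, dst}
    return sorted(n for n in nodes if path(edges, src, dst, down=n) is None)

if __name__ == "__main__":
    for name, edges in DESIGNS.items():
        print(name, firewalls_on_path(edges, "DMZ", "LAN"),
              single_points_of_failure(edges, "Internet", "LAN"))
```

In this model the Router3 design leaves DMZ-to-LAN traffic filtered by router access-lists only, while the three-interface design keeps a PIX on that path and removes the firewall itself from the list of single points of failure.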