Re: PIX + ISA(Please help ASAP)

You wrote..

If you don't want to make any LAN design changes then the PIX and the ISA
have to be "side-by-side" where would operate independently of each
other.

My question:

If run in this mode as you suggested in the first place then do I need two
public IP address? Please let me know little bit more. I am new to ISA and
PIX stuff. I don't know a lot about this.

Aleem

"Phillip Windell" wrote:

[LAN]---172.x.x.x---[ISA]---10.x.x.x---[PIX]---<public addresses>

The 10. address would be a "Back-to-Back DMZ".
They are usually private.
Remember that DMZs are not simple to deal with and usualy get in your way
more than they do "hackers".

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those of
my employer or anyone else associated with me.
-----------------------------------------------------

"SUPERG" <SUPERG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DCBE9226-7B99-4369-94FA-80103A1799C9@xxxxxxxxxxxxxxxx
When you said new IP range I am guessing it is a private IP range?

Public IP PIX-Private IP (10.x.x.x)--ISA Private IP (10.X.X.X) ---ISA
Private IP (172.x.x.x)---LAN

"Phillip Windell" wrote:

If you don't want to make any LAN design changes then the PIX and the ISA
have to be "side-by-side" where would operate independently of each
other.

If you put the ISA behind the PIX, then you will be creating a
Back-to-Back
DMZ between them which requires a new IP Range for that purpose.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed are my own (as annoying as they are), and not those
of
my employer or anyone else associated with me.
-----------------------------------------------------


"SUPERG" <SUPERG@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:138B7D86-8182-4EFE-AEF1-D83C52273353@xxxxxxxxxxxxxxxx
Need urgent help.. Plese reply with sample's or links to websites...

I have a PIX then LAN (NO DMZ). I want to bring ISA 2004 in the network
with
out taking out my PIX.

PIX--->ISA--->LAN

How to acheive this with out making lot of changes to PIX
configuration.Or
do I have make any changes to PIX?

There will be two NICS in ISA and both will use private IP address
PIX outside INT will be connected to internet and Inside INT will be
connected to private IP.

Thanks for you help.






.

Relevant Pages

  • Re: Firewall Frage
    ... Je nach dem welche PIX du dir zulegst, ist die PIX in der Anschaffung sogar ... günstiger als ein ISA Server! ... Nun zum Thema VPN: ...
    (microsoft.public.de.german.isaserver)
  • Re: ISA Configuration question
    ... ISA does *not* require itself to be the Default Gateway of the Clients. ... If you want the ISA to be only used for HTTP/HTTPS and browser-based FTP ... Leave the PIX as the Default Gateway like it already is. ... add the static routes for the public addresses. ...
    (microsoft.public.isa)
  • Re: ISA Server inside a private network ???
    ... Effectively that is what you do with a back-to-back DMZ. ... Insert the ISA between the regular LAN and the DMZ. ... As far as the PIX is concerned the DMZ *is* the Private LAN,...it doesn't know ...
    (microsoft.public.isa)
  • Re: Security
    ... I would use a combination for your network layout:) You could use ISA ... depth and the PIX allows unnecessary/unwanted traffic to be removed on the ... Subsequently I would use two Nics in your SBS server with the topology ... how do I open ports to allow e-mail to come directly to my ...
    (microsoft.public.windows.server.sbs)
  • Re: CSS cant talk to array members in workgroup config
    ... Trying to play the "port" game with RPC across a basic L3 ... PIX doesn't understand RPC, but ISA does. ...
    (microsoft.public.isa.enterprise)
Loading