Networks

Question

Gravatar
0 Votes
Locked

PIX 501 Subnet Change and DMZs

By kramer9 ·
I have a pair of Cisco 501's. Both on the same subnet (obvisouly not physically) - 192.168.2.x

I now want to create a DMZ with one of the PIX's so I need to change the outside interface to something like 192.168.3.x and leave the other PIX at 192.168.2.x

The 'new' 192.168.3.x will not allow me to change the outside interface due to the disable DHCP server configuration.

What am I doing wrong? Or should I just keep the outside interface DHCP and let a DHCP server give it a 192.168.3.x lease?

Or is there some step by step somewhere on setting up nested firewalls that I need to read up on?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

gravatar
Collapse -

duh

by kramer9 In reply to PIX 501 Subnet Change and ...

Meant to say the outside interface s/b 192.168.2.x and the inside s/b 192.168.3.x

But same problem, just typed it wrong.

gravatar
Collapse -

Outside WAN interface

by CG IT In reply to duh

if your other PIX can provide it with an IP address on the subnet you want, then leave it dynamic.

The perimeter PIX LAN interface should be on the same subnet of the inside PIX WAN interface anyway so you configure the PIX WAN to obtain an address, and DNS servers via DHCP. Specify the default gateway and the perimeter PIX LAN address.

Nothing really different here in creating a DMZ than with any other router [excpet you do it via CLI or SDM].

Back to Networks Forum

Start or search

Related Discussions

Related Forums