Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

[Re: PIX 500 as ROUTER ONLY]

From: Luke Butcher <luke.butcher () alphawest com au>
Date: Mon, 17 Nov 2003 08:50:47 +1100

Apologies: I'll resend as text only.

On Wed, 2003-11-12 at 05:47, Michael Leland wrote: 

I have a PIX 500 that I want to use to connect two public IP networks.
I don't need to provide much security support, simply use it as a simple
router between subnets.  Any ideas???


Michael,

You can do it, just add some static routes in it. And then make the
access lists permit ip any any type stuff.

Note however a pix's (as any firewall) primary job is to block packets
as opposed to a router. So it's going to take a block by default type
stance to anything not specified otherwise. This may cause you a lot of
headaches in the future.

Companies like Netgear, Linksys, D-Link etc. are selling cheap (couple
of hundred bucks) layer 3 switches. It might worth purchasing on of
these. They will do the job of routing based in some simple statics. If
it's more complex than that do yourself a favour and get a proper
router.
I suggest these as obviously your two public nets are terminated as
Ethernet being that you are looking to use a 501.

Regards,
Luke Butcher
Network/Security Consultant
Alphawest
www.alphawest.com.au
--


Alphawest Disclaimer

---------------------------------------------------------------------------
If this communication is not intended for you and you are not an authorised
recipient of this email you are prohibited by law from dealing with or
relying on the email or any file attachments. This prohibition includes
reading, printing, copying, re-transmitting, disseminating, storing or in
any other way dealing or acting in reliance on the information.
If you have received this email in error, we request you contact Alphawest 
immediately by returning the email to postmaster () alphawest com au and
destroy the original. This email is confidential and may contain privileged
client information. Alphawest  has taken reasonable steps to ensure the
accuracy and integrity of all its communications, including electronic
communications, but accepts no liability for materials transmitted.
---------------------------------------------------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: