Protect Your PIX
Keep your PIX firewall secure! In part 5 of our series of excerpts from the Cisco Press book, Cisco Secure Internet Security Solutions, you'll learn all about AAA authorization and why two DMZs are better than one.
Cisco Secure Internet Security Solutions - Chapter 4
by Andrew Mason, Mark Newcomb
Cisco Secure PIX Firewall - Part 5
Dual DMZ with AAA Authentication
This section introduces AAA authorization and creates two DMZs. This section focuses on the PIX configuration aspects of AAA. This section also introduces a failover PIX and access lists into this configuration.
Figure 4-8: Dual DMZ Configuration
(Click image for larger view in a new window)
Although there is a failover cable that connects the serial ports on the firewalls, you also added a hub on the inside interfaces to allow connectivity between the firewalls and the interior router in order to save interfaces on the interior router. You did the same between the outside interfaces of the firewalls and the exterior router. Both PIX Firewalls must have connectivity to both DMZs for the failover PIX to operate correctly, should the primary fail.
- 1
- 2
- 3
- 4
- 5
- Next Page »