Urgent Help with Connecting 2 Pix 515e

18 years 6 months ago #13381 by djjase
Hi,

I would like to be able to do as per the diagram below. How do I go about getting traffic from inside FW1 to inside FW2, or DMZ4 FW1 to DMZ3 FW2?

18 years 6 months ago #13408 by d_jabsd
I've done something similar in the past to use a pair of 515e's as a VPN concentrator and a pair of 525s as the primary network firewall.

The 515e's ran 7.0.4 PixOS, the 525s ran 6.3.4.

I set up an interface on each side to be a transit link. I used a /30 address on that link and added routes to each side to reach the other side.

Remove the hub connecting the 2 DMZs. You can't dynamically change the default gateway of the hosts on the DMZs, so FW1 people won't be able to get to DMZ2 without first passing through FW2. Connecting the DMZs in this way won't give you any benefit and wastes hardware.

Use the hub for your transit link and be prepared to do a lot of testing. The Pix is not a router, but it does have a little bit of router functionality. You can get it to work. Just pay careful attention to security levels, ACLs, and routes and you should have it working in no time.
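
A sketch of the transit-link approach described in the reply above, added here as an example and not taken from the thread or from either poster's configuration. It uses PIX 7.0-style syntax; the interface (Ethernet2), the name `transit`, security level 50, the ACL name and every address (192.168.255.0/30 for the link, 10.1.0.0/24 inside FW1, 10.2.0.0/24 inside FW2) are assumptions chosen for illustration.

```text
! ===== FW1 (assumed inside network 10.1.0.0/24) =====
interface Ethernet2
 nameif transit
 ! Lower than inside (100), so nothing reaches inside without an ACL
 security-level 50
 ! /30 leaves exactly two usable addresses: .1 (FW1) and .2 (FW2)
 ip address 192.168.255.1 255.255.255.252
 no shutdown
!
! Reach FW2's inside network via FW2's end of the transit link
route transit 10.2.0.0 255.255.255.0 192.168.255.2 1
!
! Identity translation: FW1 inside hosts keep their real addresses on the
! transit link (needed where NAT control is in effect)
static (inside,transit) 10.1.0.0 10.1.0.0 netmask 255.255.255.0
!
! Only FW2's inside network may initiate toward FW1's inside network;
! narrow this to the hosts and ports actually required
access-list transit_in extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-group transit_in in interface transit

! ===== FW2 (assumed inside network 10.2.0.0/24) =====
interface Ethernet2
 nameif transit
 security-level 50
 ip address 192.168.255.2 255.255.255.252
 no shutdown
!
! Mirror image of FW1: route back to FW1's inside network
route transit 10.1.0.0 255.255.255.0 192.168.255.1 1
!
static (inside,transit) 10.2.0.0 10.2.0.0 netmask 255.255.255.0
!
access-list transit_in extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-group transit_in in interface transit
```

The two inside networks must not overlap, and each firewall needs both the route and the ACL entry: the route gets packets onto the transit link, while the peer's ACL on its lower-security transit interface decides whether they are admitted. DMZ-to-DMZ traffic follows the same pattern with the DMZ networks and interface names substituted.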