PIX DMZ Config help

PIX DMZ Config help
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Networking Firewalls    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
PIX DMZ Config help Bob 11-05-2007
Posted by Bob on November 5, 2007, 1:07 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

Here is what I am trying to do.

I have a PIX with 3 interfaces, inside, outside & DMZ.

I have a server connected to the DMZ interface, the server can ping
the DMZ interface Ok.

I have a server on the inside interface that I would like to access
the DMZ server.

The inside server is on 192.168.1.x, the DMZ interface and DMZ server
are on 192.168.2.x.

I have added a 192.168.2.x IP to the inside server and added this
route to my PIX:

static (inside,DMZ0 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0.

Is this right or am I missing something as the inside server cannot
ping the DMZ server.

Regards
Paul.


Posted by mcaissie on November 5, 2007, 3:10 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
you need

static (inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0

This way your inside subnet is translated for itself on the DMZ. In other
words
it make the inside subnet visible to your DMZ.

The way you put it doesn't accomplish anything . What you are saying to the
PIX is translate the inside address of 192.168.2.0 for itself on the DMZ.
But you don't have any device on the inside at 192.168.2.0.



> Hi,
>
> Here is what I am trying to do.
>
> I have a PIX with 3 interfaces, inside, outside & DMZ.
>
> I have a server connected to the DMZ interface, the server can ping
> the DMZ interface Ok.
>
> I have a server on the inside interface that I would like to access
> the DMZ server.
>
> The inside server is on 192.168.1.x, the DMZ interface and DMZ server
> are on 192.168.2.x.
>
> I have added a 192.168.2.x IP to the inside server and added this
> route to my PIX:
>
> static (inside,DMZ0 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0.
>
> Is this right or am I missing something as the inside server cannot
> ping the DMZ server.
>
> Regards
> Paul.
>



Posted by poal on November 8, 2007, 2:29 am
If you were  Registered and logged in, you could reply and use other advanced thread options
You can try adding
static (inside,DMZ0 192.168.2.0 192.168.1.0 netmask 255.255.255.0 0 0)

Let's see, the problem solves or not?




> Hi,
>
> Here is what I am trying to do.
>
> I have a PIX with 3 interfaces, inside, outside & DMZ.
>
> I have a server connected to the DMZ interface, the server can ping
> the DMZ interface Ok.
>
> I have a server on the inside interface that I would like to access
> the DMZ server.
> static (inside,DMZ0 192.168.2.0 192.168.1.0 netmask 255.255.255.0 0 0.


> The inside server is on 192.168.1.x, the DMZ interface and DMZ server
> are on 192.168.2.x.
>
> I have added a 192.168.2.x IP to the inside server and added this
> route to my PIX:
>
> static (inside,DMZ0 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0.
>
> Is this right or am I missing something as the inside server cannot
> ping the DMZ server.
>
> Regards
> Paul.



Similar ThreadsPosted
Netscreen 5GT config February 27, 2005, 2:56 am
Cisco Pix 506 config March 31, 2005, 10:00 am
Kerio Config June 29, 2006, 8:13 am
pix 506 config change help March 21, 2007, 8:14 am
firewall config April 15, 2008, 7:17 pm
sunscreen config hangs November 16, 2004, 9:21 am
Zone Alarm Config November 25, 2004, 4:35 pm
duplicating config tz170 > tz 170 April 30, 2005, 7:54 pm
config ipcop firewall December 18, 2005, 5:50 am
ASA 5510 ospf config with pix 501 August 30, 2006, 8:31 pm

The site map in XML format XML site map

Contact Us | Privacy Policy