Cisco PIX... address transform...

- T
- The_Stradz
  
  Contact options for registered users
posted
18 years ago

Thu, Feb 16, 2006 8:49 PM

All,

Wonder if someone can point me in the right direction...? I have a PIX 515E that I'm using as an internal firewall in a classic internet | firewall | dmz | firewall | internal LAN config.

the inside (internal lan) interface address is 10.156.1.1/24 and the outside (dmz) address is 10.1.1.254/24. There are several hosts within the DMZ (10.1.1.20, 10.1.1.21, 10.1.1.22 etc).

Now what I want to do is reference a DMZ host (say 10.1.1.20) using an inside network IP address (10.156.1.40 say) - so that an internally connected PC can ping the DMZ host using the 10.156.1.40 address.

I've issued the command "static (inside, outside) 10.156.1.40 10.1.1.20"

Then ACLed to allow "icmp any" to the DMZ host (10.156.1.40). However, its not working? Can anyone give me any pointers to what is wrong here?

Any help greatly appreciated!

Thanks

-D

- D
- Doan
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Thu, Feb 16, 2006 11:09 PM

Shouldn't this be reversed? Try "static (inside, outside) 10.1.1.20 10.156.140 netmask 255.255.255.255"

Doan

- D
- dabance
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Fri, Feb 17, 2006 4:20 PM

Hi,

Your Network Setup ==============

DMZ ---(outside) Firewall (inside) --- LAN

Syntax of STATIC Command.

------------------------------------------ Pix(confif)# static [(Internal interface name, external interface name)]

Pix(confif)# static (inside, outside) 10.156.1.40 10.1.1.20

By default pix will permit traffice from Inside to outside , but outside to inside is denied by default. Make sure stateful feature is running so that when ping ECHO request and ECHO reply are passing through the pix.

Pls try this and let me know..

regards, dab.