Accessing higher security level from higher security level

I'm a newbie setting up a PIX firewall, and I need to access a higher security level from a lower security level. Ideally I just need to be able to use terminal services. This is what the configuration is. I need to use terminal services from tmx-dmz to get access to singlemom. This is just the relevant stuff below for this network.

nameif ethernet0 outside security0
nameif ethernet1 singlemom security98
nameif ethernet2 failover security97
nameif ethernet3 intdmz security80
nameif ethernet4 dmz1 security40
nameif ethernet5 tmx-dmz security90

access-list acl_nonat permit ip 10.0.0.0 255.0.0.0 10.100.1.0 255.255.255.0
access-list acl_nonat permit ip TMX-DMZ 255.255.0.0 INTDMZ 255.255.0.0
access-list acl_nonat permit ip TMX-DMZ 255.255.0.0 NET0_DMZ1 255.255.0.0
access-list acl_out permit tcp any host 198.x.x.x eq smtp
access-list acl_out permit tcp any host 198.x.x.x eq pop3
access-list acl_out permit tcp any host 198.x.x.x eq 5900
access-list acl_out permit tcp any host 198.x.x.x eq 5500
access-list acl_out permit tcp any host 198.x.x.x eq 3389
access-list singlemom_in line 2 permit ip any any
access-list singlemom_in line 3 permit icmp any any
access-list singlemom_in line 4 permit tcp any any eq 3389

global (outside) 1001 198.87.36.128-198.87.36.199
global (outside) 1100 198.87.36.201-198.87.36.210
global (outside) 1101 198.87.36.100-198.87.36.120
global (outside) 1100 198.87.36.200
global (outside) 1011 198.87.36.124
global (singlemom) 1011 10.50.0.20-10.50.0.250 netmask 255.255.0.0
global (singlemom) 1011 10.50.0.5-10.50.0.254 netmask 255.255.0.0
global (dmz1) 1001 10.150.100.0-10.150.100.250 netmask 255.255.0.0
global (dmz1) 1100 10.150.110.0-10.150.110.250 netmask 255.255.255.0
global (tmx-dmz) 1101 10.10.0.2-10.10.0.250 netmask 255.255.0.0
nat (singlemom) 0 access-list acl_nonat
nat (singlemom) 1011 singlemom 255.255.0.0 dns 0 0
nat (intdmz) 0 access-list acl_nonat
nat (intdmz) 1100 INTDMZ 255.255.0.0 dns 0 0
nat (dmz1) 0 access-list acl_nonat
nat (tmx-dmz) 0 access-list acl_nonat
nat (tmx-dmz) 1101 TMX-DMZ 255.255.0.0 0 0

static (singlemom,outside) 198.x.x.x 10.50.0.10 dns netmask 255.255.255.255 1000 100
static (singlemom,tmx-dmz) singlemom singlemom netmask 255.255.0.0 0 0
access-group acl_out in interface outside
access-group email_in in interface dmz1
access-group singlemom_in interface singlemom

Any help would be appreciated!

Regards, Nick
