1. Home
  2. Cisco Systems
  3. Cisco 515e DMZ Issue

Cisco 515e DMZ Issue

Please Help. The issue I am having is that I cant get outside access to the DMZ via

203.202.137.180 address. Inside has access, but not from the outside. What do I need to do to make this happen. Thanks.

Here is the following config.

------------------------------------------------------------------------------ interface ethernet0 auto interface ethernet1 auto interface ethernet2 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 DMZ security4

fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol pptp 1723 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names name 192.168.1.10 QLDSEC1 name 172.17.1.10 S1ISA02 name 192.168.1.9 QLDSEC1-IN name 172.17.1.9 S1ISA02-IN name 203.202.x.x IShop object-group service WEBAccess tcp description HTTP HTTPS Web Access port-object eq www port-object eq https object-group service SMTPEmail tcp description SMTP port-object eq smtp object-group service FTPAccess tcp port-object eq ftp-data port-object eq ftp object-group service VPNAccess udp description VPN Access port-object range isakmp isakmp access-list outside_access_in permit tcp any host 203.202.137.179 object-group SMTPEmail access-list outside_access_in permit tcp any host 203.202.137.179 object-group FTPAccess access-list outside_access_in permit tcp any host 203.202.137.179 object-group WEBAccess access-list outside_access_in permit tcp any host 203.202.137.179 eq pptp access-list outside_access_in permit udp any host 203.202.137.179 object-group VPNAccess access-list outside_access_in permit gre any host 203.202.137.179 access-list outside_access_in permit tcp any host IShop object-group WEBAccess pager lines 24 logging history warnings icmp deny any echo outside mtu outside 1500 mtu inside 1500 mtu DMZ 1500 ip address outside 203.202.137.178 255.255.255.0 ip address inside 192.168.1.1 255.255.255.0 ip address DMZ 172.17.1.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm location S1ISA02 255.255.255.255 DMZ pdm location QLDSEC1 255.255.255.255 inside pdm location 203.202.137.179 255.255.255.255 outside pdm location QLDSEC1-IN 255.255.255.255 inside pdm location 192.168.1.5 255.255.255.255 inside pdm location S1ISA02-IN 255.255.255.255 DMZ pdm location IShop 255.255.255.255 outside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 200 interface global (DMZ) 200 172.17.1.15-172.17.1.100 nat (inside) 200 QLDSEC1 255.255.255.255 0 0 static (inside,outside) 203.202.137.179 QLDSEC1-IN netmask

255.255.255.255 0 0 static (DMZ,outside) IShop S1ISA02-IN netmask 255.255.255.255 0 0 access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 203.202.137.177 1
Reply to
ChrisD
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.