Pix command to allow access to network behind a network

Hi, looking for some guidance as I currently have a pix setup as follows

Internet | Pix ---- DMZ | Internal network

using the static command to disable nat from the dmz to internal which allows access for servers in the dmz to access (with the correct acl) servers in the internal lan. We will be segmenting this internal network to contain two networks as shown below

Internet | Pix ---- DMZ | Internal network1 ---Router--Internal Network2

Leaving the config as is, the servers in the DMZ can't traverse to the internal network2 (due to the fact that the pix doesn't know about it). However, since the internal network2 is not directly connected to the pix inside interface, what needs to happen to permit (besides an ACL) traffic from the DMZ to Internal Network2?

Thanks,

Ted

Reply to
elementaladmins

Just add

route inside NETWORK2BASE NETWORK2MASK ROUTERIP

Along with the appropriate ACL entries and appropriate static entries for any traffic you wish to permit from the outside or DMZ to the new internal network.

Reply to
Walter Roberson

You need something like this:

route inside a.b.c.d 255.255.255.0 w.x.y.z 1

where "a.b.c.d" is the IP address of Network2 and "w.x.y.z" is the IP address of your Router. Of course, I assumed that the Pix interface is named "inside".

Regards, Christoph Gartmann

Reply to
Christoph Gartmann
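The pieces named in the replies above (route, static, ACL), put together as an added example that is not from any poster in this thread. It assumes PIX 6.x syntax, interfaces named "inside" and "dmz", and constructed addresses: Network2 is 10.2.0.0/24, the internal router is 10.1.0.254, the DMZ server is 172.16.1.10, and the Network2 server is 10.2.0.20 listening on TCP 1433.

```cisco
: All addresses below are constructed for illustration.
: 1. Tell the PIX that Network2 is reached through the internal router.
route inside 10.2.0.0 255.255.255.0 10.1.0.254 1

: 2. Identity static so Network2 addresses appear untranslated on the DMZ,
:    matching how Network1 is already exposed to the DMZ.
static (inside,dmz) 10.2.0.0 10.2.0.0 netmask 255.255.255.0

: 3. Permit only the specific DMZ host, destination host and port needed,
:    rather than opening the whole of Network2 to the DMZ.
access-list dmz_in permit tcp host 172.16.1.10 host 10.2.0.20 eq 1433
access-group dmz_in in interface dmz

: Note: the internal router also needs a route back to the DMZ subnet
: (or a default route) pointing at the PIX inside interface, otherwise
: replies from Network2 never return to the DMZ.
```

If an ACL is already bound to the dmz interface, add the permit line to that existing ACL instead of binding a new one, since only one inbound ACL applies per interface.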
