Re: PIX DMZ Setup?

- A
- Alain Pierre
  
  Contact options for registered users
posted
18 years ago

Sat, May 28, 2005 12:57 PM

I'm trying to setup a server on a PIX 515 DMZ interface and allow it to
> talk freely to the Internet going outbound while allowing only inbound > port 3389 traffic?

There is no ACL for the nated host to get out.

> Here's what I have at this time for the dmz interface >> > > > > nameif ethernet2 dmz security50 > > ip address dmz 172.16.128.1 255.255.255.0 > > static (dmz,outside) tcp 12.166.12.33 3389 172.16.128.11 3389 netmask > 255.255.255.255 0 0 > > access-list dmz-in permit tcp any host 12.166.12.33 eq 3389 > > access-group dmz-in in interface outside >

Loading thread data ...

- D
- David
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Sat, May 28, 2005 1:31 PM

But why would I need an ACL for a host to get out from an interface with security50 to an interface with security0?

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.