Stuck on routing from inside network to vlan dmz

Hello,

Anyone have suggestions for this situation? I've got an inside network 192.168.10.1 255.255.255.0 on default vlan1 and a dmz network 192.168.1.0 255.255.255.0 on vlan 2.

My goal is to allow routing from the inside network to the dmz network.

I have a PIX 506e and Catalyst 2950. I believe I have the switch configured correctly because I can ping addresses on the 192.168.1.0 network from the PIX. However, I cannot ping the PIX's dmz ip address or beyond.

If I enable DEBUG ICMP TRACE on the PIX, the console does show it receiving echo requests but no replies.

If I run SHOW ROUTE, I get this:

outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xx 1 OTHER static
outside xxx.0.0.0 255.0.0.0 xxx.xxx.xxx.xxx 1 CONNECT static
dmz 192.168.1.0 255.255.255.0 192.168.1.205 1 CONNECT static
inside 192.168.10.0 255.255.255.0 192.168.10.1 1 CONNECT static

Here is my PIX config. Any help is appreciated. Thanks.

interface ethernet0 auto
interface ethernet1 100full
interface ethernet1 vlan2 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan2 dmz security50
enable password xxx encrypted
passwd xxx encrypted
hostname xxx
domain-name prcinnovations.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.10.10 SERVER-Internal
name 80.15.200.19 SERVER-External
access-list outside_access_in permit tcp any host SERVER-External eq www
access-list outside_access_in permit tcp any host SERVER-External eq ftp
access-list outside_access_in permit tcp any host SERVER-External eq ldap
access-list outside_access_in permit tcp any host SERVER-External eq smtp
access-list outside_access_in permit tcp any host SERVER-External eq 3389
access-list outside_access_in permit tcp any host SERVER-External eq pptp
access-list outside_access_in permit gre any host SERVER-External
access-list outside_access_in permit tcp any host SERVER-External eq 8585
access-list outside_access_in permit tcp any host SERVER-External eq pop3
access-list inside_access_dmz permit ip any any
ip address outside 80.15.200.18 255.0.0.0
ip address inside 192.168.10.1 255.255.255.0
ip address dmz 192.168.1.205 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) SERVER-External SERVER-Internal netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 80.15.200.17 1
Ken

The Cisco CCO site is one of the places to look for configuration examples.

See "Configuring the PIX Firewall with Mail Server Access on DMZ Network"; it looks to be the closest example for what you are trying to accomplish.

Merv
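
An added example, not part of the original posts: a small Python audit of the nameif, nat, global and static lines from the configuration posted in the question, listing interface pairs that have no address translation. It assumes the PIX 6.x rule that traffic from a higher-security to a lower-security interface needs a translation (a global pool with the same id as the nat statement, nat 0, or a static); the function names and the config excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: the translation-related lines from the posted config.
PIX_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan2 dmz security50
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) SERVER-External SERVER-Internal netmask 255.255.255.255 0 0
"""

def parse(config):
    """Return security levels, nat ids and global ids per interface, and static pairs."""
    levels, nats, globals_, statics = {}, {}, {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"nameif \S+ (\S+) security(\d+)$", line):
            levels[m.group(1)] = int(m.group(2))
        elif m := re.match(r"nat \((\S+)\) (\d+) ", line):
            nats.setdefault(m.group(1), set()).add(int(m.group(2)))
        elif m := re.match(r"global \((\S+)\) (\d+) ", line):
            globals_.setdefault(m.group(1), set()).add(int(m.group(2)))
        elif m := re.match(r"static \((\S+),(\S+)\) ", line):
            statics.add((m.group(1), m.group(2)))
    return levels, nats, globals_, statics

def untranslated_paths(config):
    """List (source, destination) pairs, higher to lower security, with no translation."""
    levels, nats, globals_, statics = parse(config)
    gaps = []
    for src, src_level in levels.items():
        for dst, dst_level in levels.items():
            # Simplification: any static for the pair counts, even a single-host one.
            if src_level <= dst_level or (src, dst) in statics:
                continue
            ids = nats.get(src, set())
            # nat id 0 exempts traffic; otherwise dst needs a global with the same id.
            if 0 in ids or ids & globals_.get(dst, set()):
                continue
            gaps.append((src, dst))
    return sorted(gaps)

if __name__ == "__main__":
    for src, dst in untranslated_paths(PIX_CONFIG):
        print(f"no translation configured for {src} -> {dst}")
```
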