PIX DMZ Config help

Hi,

Here is what I am trying to do.

I have a PIX with 3 interfaces, inside, outside & DMZ.

I have a server connected to the DMZ interface, the server can ping the DMZ interface OK.

I have a server on the inside interface that I would like to access the DMZ server.

The inside server is on 192.168.1.x, the DMZ interface and DMZ server are on 192.168.2.x.

I have added a 192.168.2.x IP to the inside server and added this route to my PIX:

static (inside,DMZ) 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0

Is this right or am I missing something, as the inside server cannot ping the DMZ server?

Regards Paul.

Reply to
Bob

you need

static (inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0

This way your inside subnet is translated for itself on the DMZ. In other words it makes the inside subnet visible to your DMZ.

The way you put it doesn't accomplish anything. What you are saying to the PIX is translate the inside address of 192.168.2.0 for itself on the DMZ. But you don't have any device on the inside at 192.168.2.0.

Reply to
mcaissie
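The point made in the reply above (the second address in a `static` must be a network that actually sits behind the first-named interface), as an added example that is not part of the original thread: a small Python check over PIX-style `static` lines. The interface subnets come from the question; the name `check_static`, the sample lines and the assumption that no routed networks sit behind either interface are assumptions of this example.

```python
import ipaddress
import re

# Interface subnets as described in the question (assumed directly connected,
# with no further routed networks behind them).
INTERFACES = {
    "inside": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("192.168.2.0/24"),
}

# static (real_if,mapped_if) mapped_ip real_ip [netmask mask] ...
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>\w+),(?P<mapped_if>\w+)\)\s+"
    r"(?P<mapped>\S+)\s+(?P<real>\S+)(?:\s+netmask\s+(?P<mask>\S+))?"
)

def check_static(line, interfaces=INTERFACES):
    """Return {'identity': bool, 'findings': [str]} for one static command."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return {"identity": False, "findings": ["unparseable static command"]}
    findings = [f"unknown interface {n!r}"
                for n in (m["real_if"], m["mapped_if"]) if n not in interfaces]
    if findings:
        return {"identity": False, "findings": findings}
    mask = m["mask"] or "255.255.255.255"  # no netmask means a host entry
    try:
        real = ipaddress.ip_network(f"{m['real']}/{mask}", strict=False)
        mapped = ipaddress.ip_network(f"{m['mapped']}/{mask}", strict=False)
    except ValueError as exc:
        return {"identity": False, "findings": [f"bad address: {exc}"]}
    # The real (second) address must belong to the first-named interface,
    # otherwise the translation matches no host that could ever send traffic.
    if not real.subnet_of(interfaces[m["real_if"]]):
        findings.append(f"real network {real} is not on {m['real_if']}")
    return {"identity": mapped == real, "findings": findings}

if __name__ == "__main__":
    # Constructed sample lines using the addresses from the thread.
    for cmd in (
        "static (inside,DMZ) 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0",
        "static (inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0",
        "static (inside,DMZ 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0",
    ):
        print(cmd, "->", check_static(cmd))
```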

Right, but you might also need a nonat access-list between the two LANs:

nat (inside) 0 access-list no-nat

and a rule like:

access-list no-nat permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

good explanation for all types of pix nats here:

formatting link
M

Reply to
mak

You can try adding:

static (inside,DMZ) 192.168.2.0 192.168.1.0 netmask 255.255.255.0 0 0

Let's see whether that solves the problem or not.

Reply to
poal
