Global IP communications problems with outside interface

Unanswered Question
May 11th, 2007

Hi all. I have a small problem I need help figuring out.

I have a Global statement:

global (outside) 2 1.1.1.10 netmask 255.255.255.240

And my nat statement is:

nat (dmz2) 2 0.0.0.0 0.0.0.0 0 0

Now, I have a host inside DMZ2 that wants to talk to my PIX's outside interface which is: 1.1.1.3

So the traffic goes from insidehost -> gets PAT/NAT with 1.1.1.10 (global interface) and then tries to contact the real outside interface 1.1.1.3. But it doesn't work.

In my DMZ2 ACL I have the rule "permit ip any any" just to be on the safe side.

My insidehost can contact other sites outside my PIX. (I have 2 other PIX with other IP ranges that the inside host can contact without problems.)

So, is it possible for the global interface to contact the outside interface, or is that denied somehow intentionally?

Or do I need to add a rule in the outside ACL that permits the outside interface to communicate with the global interface?

Regards

Anders

vitripat Fri, 05/11/2007 - 02:41

This won't work. But why exactly do you need a DMZ host to communicate with the PIX's outside interface IP address? If you can tell us the requirement, like a webserver on the inside using the PIX's outside interface IP address, we may be able to help.

Regards,

Vibhor.
