Allow Inside Hosts Access to a DMZ without Translation

Unanswered Question
Jun 27th, 2007

Hi,


Could you please mail what exactly the below commands will do?


1) static (inside,dmz) 10.1.6.100 10.1.6.100

2) static (dmz,inside) 10.1.6.100 10.1.6.100


Please mail me a documentation reference with multiple DMZ (1-4) configuration in PIX with translation and without address translation.


-Ganesh




srue Thu, 06/28/2007 - 08:43

You don't need 2), assuming 10.1.6.100 is the host on the inside interface that needs access to the dmz.


You could also use nat zero to accomplish this:

nat (inside) 0 access-list natzero_acl

access-list natzero_acl permit ip host 10.1.6.100 host dmz_host_ip
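
What the two `static` commands in the question mean, worked through as an added example (not part of any post in this thread). It parses the PIX form `static (real_ifc,mapped_ifc) mapped_ip real_ip [netmask mask]`, reports whether the entry is an identity (untranslated) mapping, and checks that the real address sits behind the interface named first. The /24 subnets in `SUBNETS` are assumed for illustration; only the two host addresses come from the thread.

```python
import ipaddress
import re

# PIX syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip [netmask mask]
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>[\w-]+)\s*,\s*(?P<mapped_if>[\w-]+)\)\s+"
    r"(?P<mapped>\S+)\s+(?P<real>\S+)(?:\s+netmask\s+(?P<mask>\S+))?\s*$"
)

def parse_static(line):
    m = STATIC_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a plain static command: {line!r}")
    mask = m["mask"] or "255.255.255.255"   # host entry when netmask is omitted
    mapped = ipaddress.ip_network(f"{m['mapped']}/{mask}", strict=False)
    real = ipaddress.ip_network(f"{m['real']}/{mask}", strict=False)
    return {
        "real_if": m["real_if"], "mapped_if": m["mapped_if"],
        "real": real, "mapped": mapped,
        "identity": real == mapped,          # same address on both sides
    }

def explain(line):
    s = parse_static(line)
    how = "untranslated" if s["identity"] else f"as {s['mapped']}"
    return (f"{s['real']} behind '{s['real_if']}' is reachable from "
            f"'{s['mapped_if']}' {how}")

def check_placement(line, subnets):
    """Return a warning if the real address is not on the real interface."""
    s = parse_static(line)
    net = ipaddress.ip_network(subnets[s["real_if"]])
    if not s["real"].subnet_of(net):
        return f"{s['real']} is not in {net} on '{s['real_if']}'"
    return None

# Constructed addressing plan (assumption): inside 10.1.6.0/24, dmz 10.2.7.0/24
SUBNETS = {"inside": "10.1.6.0/24", "dmz": "10.2.7.0/24"}

if __name__ == "__main__":
    for cmd in ("static (inside,dmz) 10.1.6.100 10.1.6.100",
                "static (dmz,inside) 10.1.6.100 10.1.6.100"):
        print(explain(cmd))
        print("  warning:", check_placement(cmd, SUBNETS))
```
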

gappavoo1 Thu, 06/28/2007 - 09:21

Hi,


Thanks for your reply !


Please clarify for me: assuming a host 10.2.7.200 on the DMZ interface needs to access the inside, is the below command correct?


static (dmz,inside) 10.2.7.200 10.2.7.200


-Ganesh

acomiskey Thu, 06/28/2007 - 09:37

No you would not need that.


For 10.2.7.200 and 10.1.6.100 to communicate between the inside and dmz, all you need is...


static (dmz,inside) 10.1.6.100 10.1.6.100
