Allow Inside Hosts Access to a DMZ without Translation

Unanswered Question
Jun 27th, 2007

Hi,


Could you please mail what exactly the commands below will do?


1) static (inside,dmz) 10.1.6.100 10.1.6.100

2) static (dmz,inside) 10.1.6.100 10.1.6.100


Please mail me a documentation reference for multiple DMZ (1-4) configuration in PIX, with and without address translation.


-Ganesh




srue Thu, 06/28/2007 - 08:43

You don't need 2), assuming 10.1.6.100 is the host on the inside interface that needs access to the dmz.


You could also use nat zero to accomplish this:

nat (inside) 0 natzero_acl

access-list natzero_acl permit ip host 10.1.6.100 host dmz_host_ip
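
Added example (not part of the thread and not Cisco code): a small Python check that reads the two static commands from the question using the PIX form static (real_ifc,mapped_ifc) mapped_ip real_ip, marks identity (untranslated) statics, and flags an address declared as a real host behind more than one interface. The function names and the third sample line are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# PIX form: static (real_ifc,mapped_ifc) mapped_ip real_ip [netmask mask]
STATIC_RE = re.compile(
    r"^\s*static\s+\(\s*([\w-]+)\s*,\s*([\w-]+)\s*\)\s+(\S+)\s+(\S+)"
    r"(?:\s+netmask\s+(\S+))?\s*$"
)

class StaticRule(NamedTuple):
    real_if: str     # interface the host actually sits behind
    mapped_if: str   # interface on which mapped_ip is presented
    mapped_ip: str
    real_ip: str

    @property
    def identity(self) -> bool:
        # Same address on both sides: the host is reachable untranslated.
        return self.mapped_ip == self.real_ip

def parse_static(line: str) -> Optional[StaticRule]:
    m = STATIC_RE.match(line)
    if not m:
        return None  # not a static command (e.g. a nat 0 line)
    real_if, mapped_if, mapped_ip, real_ip, _mask = m.groups()
    try:
        mapped_ip = str(ipaddress.ip_address(mapped_ip))
        real_ip = str(ipaddress.ip_address(real_ip))
    except ValueError:
        return None  # "interface" keyword or a name: out of scope here
    return StaticRule(real_if, mapped_if, mapped_ip, real_ip)

def conflicting_hosts(rules):
    """Real addresses that the config places behind more than one interface."""
    seen = defaultdict(set)
    for r in rules:
        seen[r.real_ip].add(r.real_if)
    return {ip: sorted(ifs) for ip, ifs in seen.items() if len(ifs) > 1}

SAMPLE = [  # first two lines are from the question; the third is constructed
    "static (inside,dmz) 10.1.6.100 10.1.6.100",
    "static (dmz,inside) 10.1.6.100 10.1.6.100",
    "static (dmz,outside) 192.0.2.10 10.2.7.200 netmask 255.255.255.255",
]

if __name__ == "__main__":
    rules = [r for r in map(parse_static, SAMPLE) if r]
    for r in rules:
        kind = "identity" if r.identity else "translated"
        print(f"{r.real_ip} behind {r.real_if}, seen on {r.mapped_if} as {r.mapped_ip} ({kind})")
    print("declared behind more than one interface:", conflicting_hosts(rules))
```
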

gappavoo1 Thu, 06/28/2007 - 09:21

Hi,


Thanks for your reply !


Please clarify: assuming a host 10.2.7.200 on the DMZ interface needs to access the inside, is the command below correct?


static (dmz,inside) 10.2.7.200 10.2.7.200


-Ganesh

acomiskey Thu, 06/28/2007 - 09:37

No, you would not need that.


For 10.2.7.200 and 10.1.6.100 to communicate between the inside and dmz, all you need is...


static (dmz,inside) 10.1.6.100 10.1.6.100
