Allow Inside Hosts Access to a DMZ without Translation

Jun 27th, 2007

Hi,

Could you please mail me what exactly the commands below will do?

1) static (inside,dmz) 10.1.6.100 10.1.6.100

2) static (dmz,inside) 10.1.6.100 10.1.6.100

Please mail me a documentation reference for multiple DMZ (1-4) configuration in PIX, with translation and without address translation.

-Ganesh

srue Thu, 06/28/2007 - 08:43

You don't need 2), assuming 10.1.6.100 is the host on the inside interface that needs access to the dmz.

You could also use nat zero to accomplish this:

access-list natzero_acl permit ip host 10.1.6.100 host dmz_host_ip

nat (inside) 0 access-list natzero_acl

gappavoo1 Thu, 06/28/2007 - 09:21

Hi,

Thanks for your reply!

Please clarify: assuming a host 10.2.7.200 on the DMZ interface needs to access the inside, is the command below correct?

static (dmz,inside) 10.2.7.200 10.2.7.200

-Ganesh

acomiskey Thu, 06/28/2007 - 09:37

No you would not need that.

For 10.2.7.200 and 10.1.6.100 to communicate between the inside and dmz, all you need is...

static (dmz,inside) 10.1.6.100 10.1.6.100
