Static between interfaces PIX

Unanswered Question
Aug 6th, 2007
User Badges:

Good day. It is necessary to make translation of the address between 2 interfaces:

dmz2 security-level 10

dmz1 security-level 40

In dmz2 62.33.x.77 address It is necessary that in a network dmz1 it was accessible to the address of 62.165.y.77 the Command:

static (dmz2, dmz1) 62.165.y.77 62.33.x.77 netmask 255.255.255.255

will solve a task in view?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
oabduo983 Mon, 08/06/2007 - 02:52
User Badges:
  • Bronze, 100 points or more

Hello!


Where is your server located dmz1 or dmz2?


The command you mentioned here means the server is located in dmz2 and it has IP 62.33.x.77 and you want to access it from dmz1 using its translated ip, that is 62.165.y.77


is this what you wanted?


Plz rate if this is helpful!

1978gamayun Mon, 08/06/2007 - 03:36
User Badges:

My server is in dmz2 and has 62.33.x.77 address. I want, that to it had access from dmz1 to the address of 62.165.y.77, and it could have access in dmz1 with 62.165.y.77 address.

oabduo983 Mon, 08/06/2007 - 03:41
User Badges:
  • Bronze, 100 points or more

Yes, this should work fine if you do not have any access-lists applied to the dmz1, but if you have any ACL's make sure the permission is allowed to the 62.165.y.77 ip...


regards,

1978gamayun Thu, 08/09/2007 - 00:43
User Badges:

When i`m ping from host in dmz2 62.33.x.77 host in dmz1 192.168.230.10, I do not receive the answer

in log i'm see

Aug 9 14:23:11 pix-firewall Aug 09 2007 14:23:11: %PIX-3-305005: No translation group found for icmp src dmz2:62.33.x.77 dst dmz1:192.168.230.10 (type 8, code 0)

Why? Sorry for my bad english.

Actions

This Discussion