Configuring DMZ on PIX 515


Hey guys/gals:

I want to put a web server on my DMZ. I set up the IP address on the PIX's DMZ. How can I get my web server access to my inside network and vice versa? I don't know what to do next.

I already created a VLAN in my network for this network. This network is in the same network as the DMZ's IP.

Thanks a lot

acomiskey Tue, 11/06/2007 - 10:15

So if you have something like

ip address dmz

ip address inside

To get the inside and dmz to talk you could add..

static (inside,dmz) netmask

To initiate communication from the dmz to the inside you will also need to create an acl on the dmz. For instance, to get the dmz network to hit the inside network on port 80 and 443 it would look like this...

access-list dmz permit tcp eq 80

access-list dmz permit tcp eq 443

access-list dmz deny ip any

access-list dmz permit ip any any

access-group dmz in interface dmz

Please rate helpful posts.
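
An added illustration of the ACL in the post above (not code from the thread): a small Python model of first-match ACL evaluation with the implicit deny that ends every list. The addresses are constructed, since the post's own are not shown on the page, and the `deny` entry is assumed to target the inside network.

```python
import ipaddress

# Constructed addressing; the thread's real addresses are not on the page.
INSIDE = ipaddress.ip_network("192.168.1.0/24")  # assumed inside network
DMZ = ipaddress.ip_network("192.168.2.0/24")     # assumed dmz network
ANY = ipaddress.ip_network("0.0.0.0/0")

# Entries: (action, protocol, source, destination, destination port or None).
# Same order as the post: two permits, a deny, then permit ip any any.
DMZ_ACL = [
    ("permit", "tcp", DMZ, INSIDE, 80),
    ("permit", "tcp", DMZ, INSIDE, 443),
    ("deny", "ip", ANY, INSIDE, None),   # assumed reading of the deny line
    ("permit", "ip", ANY, ANY, None),
]


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index of matching entry) using first-match semantics.

    If no entry matches, the implicit deny applies and the index is None.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for index, (action, acl_proto, acl_src, acl_dst, acl_port) in enumerate(acl):
        if acl_proto != "ip" and acl_proto != proto:
            continue  # "ip" matches every protocol
        if src_ip not in acl_src or dst_ip not in acl_dst:
            continue
        if acl_port is not None and acl_port != dport:
            continue
        return action, index
    return "deny", None  # implicit deny at the end of every ACL


if __name__ == "__main__":
    web = "192.168.2.10"  # constructed dmz web server address
    cases = [
        ("tcp", web, "192.168.1.20", 80),   # allowed service to inside
        ("tcp", web, "192.168.1.20", 22),   # anything else to inside
        ("udp", web, "203.0.113.5", 53),    # traffic that is not for inside
    ]
    for case in cases:
        print(case, "full ACL:", evaluate(DMZ_ACL, *case),
              "| without last entry:", evaluate(DMZ_ACL[:3], *case))
```

With the last entry removed, the third case falls through to the implicit deny, so the dmz host loses everything except the two permitted ports to the inside.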

acomiskey Tue, 11/06/2007 - 10:50

It's correct. It is so no nat will take place between inside and dmz.

thebrom Thu, 11/15/2007 - 13:02
You also need to set up the devices on the DMZ with the default gateway to match that of the FW DMZ interface.

gomeso Fri, 11/16/2007 - 19:45

I'm just curious about this command "access-list dmz permit ip any any". Is it really necessary?