Web Server access from one DMZ to other

Unanswered Question
Dec 6th, 2007

I have a pair of Cisco PIX 525s running PIX version 6.3(4). I am trying to configure web server access from one DMZ interface to another. I tried a couple of scenarios but could not work it out.

The configuration I did is as follows:

1. Create the static nat

static (PACS_DATA,EPCT) 192.168.217.13 10.150.61.68 netmask 255.255.255.255 0 0

2. Created the access list and nat to exempt from the nat

access-list EPCT_nat permit ip any 10.150.61.0 255.255.255.0

nat (EPCT) 0 access-list EPCT_nat

3. Created the access list to permit all the traffic to access web server

access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www

My firewall configurations are as follows:

nameif ethernet2 EPCT security9

nameif vlan486 PACS_DATA security16

global (EPCT) 1 interface

nat (EPCT) 1 192.168.216.0 255.255.254.0 outside 0 0

nat (PACS_DATA) 0 access-list PACS_DATA_NAT

Any help will be highly appreciated.

meesaw Thu, 12/06/2007 - 10:31

Sorry, I forgot to tell you I am getting this error message in the logs:

PIX-3-305006: regular translation creation failed for icmp src xxxx dst xxxx(type 8, code 0)

husycisco Tue, 12/11/2007 - 01:49

Hi Waseem

Please tell me in which DMZ your webserver is located, its IP, and from which interface and from which IP you want to reach the webserver.

Regards

meesaw Tue, 12/11/2007 - 10:21

My webserver is in the PACS Vlan DMZ and my clients are in the EPCT DMZ. The webserver IP is 10.150.61.41 and my EPCT subnet is 192.168.216.0/23. I want to configure access for all of EPCT to this webserver.

acomiskey Tue, 12/11/2007 - 10:35

static (EPCT,PACS_DATA) 192.168.216.0 192.168.216.0 255.255.254.0

access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www

access-group EPCT_in in interface EPCT

husycisco Tue, 12/11/2007 - 12:13

Adam, shouldn't it be as follows, since the clients have to reach the web server?

static (EPCT,PACS_DATA) 10.150.61.41 10.150.61.41 netmask 255.255.255.255

access-list epct_access_in permit tcp 192.168.216.0 255.255.255.0 host 10.150.61.41 eq www

access-group epct_access_in in interface EPCT

(If you already have an ACL grouped to the interface, add the entry to it; don't use the ACL name above.)

Regards
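
An added example, not part of any post in this thread: a small Python check that parses the two ACL lines posted above and reports which part of the 192.168.216.0/23 client subnet each source mask leaves unmatched, and whether the destination address lies inside the client subnet. The parser handles only the ACL form quoted in the thread, and the function names are hypothetical.

```python
import ipaddress

# ACL lines as posted in the thread; CLIENTS is the poster's EPCT subnet.
ACLS = [
    "access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www",
    "access-list epct_access_in permit tcp 192.168.216.0 255.255.255.0 host 10.150.61.41 eq www",
]
CLIENTS = ipaddress.ip_network("192.168.216.0/23")


def parse_acl(line):
    """Parse 'access-list NAME permit PROTO SRC MASK host DST eq PORT' only."""
    tok = line.split()
    if (len(tok) != 10 or tok[0] != "access-list" or tok[2] != "permit"
            or tok[6] != "host" or tok[8] != "eq"):
        raise ValueError("unsupported ACL form: " + line)
    return {
        "name": tok[1],
        "src": ipaddress.ip_network(f"{tok[4]}/{tok[5]}"),  # address/netmask form
        "dst": ipaddress.ip_address(tok[7]),
        "port": tok[9],
    }


def uncovered(src, clients):
    """Return the parts of the client subnet that the ACL source does not match."""
    if clients.subnet_of(src):
        return []
    if not src.overlaps(clients):
        return [clients]
    # Overlapping CIDR blocks nest, so src sits inside clients here.
    return sorted(clients.address_exclude(src))


def audit(lines, clients):
    """Summarise client coverage and destination placement for each ACL line."""
    report = []
    for line in lines:
        acl = parse_acl(line)
        report.append({
            "name": acl["name"],
            "dst": str(acl["dst"]),
            "unmatched_clients": [str(n) for n in uncovered(acl["src"], clients)],
            "dst_in_client_subnet": acl["dst"] in clients,
        })
    return report


if __name__ == "__main__":
    for row in audit(ACLS, CLIENTS):
        print(row)
```
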
