
Web Server access from one DMZ to other

meesaw
Level 1

I have a pair of Cisco PIX 525s running PIX version 6.3(4). I am trying to configure web server access from one DMZ interface to the other. I tried a couple of scenarios but could not work it out.

The configuration I did is as follows:

1. Created the static NAT

static (PACS_DATA,EPCT) 192.168.217.13 10.150.61.68 netmask 255.255.255.255 0 0

2. Created the access list and NAT rule to exempt the traffic from NAT

access-list EPCT_nat permit ip any 10.150.61.0 255.255.255.0

nat (EPCT) 0 access-list EPCT_nat

3. Created the access list to permit all the traffic to access the web server

access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www

My firewall configurations are as follows:

nameif ethernet2 EPCT security9

nameif vlan486 PACS_DATA security16

global (EPCT) 1 interface

nat (EPCT) 1 192.168.216.0 255.255.254.0 outside 0 0

nat (PACS_DATA) 0 access-list PACS_DATA_NAT

Any help will be highly appreciated.

6 Replies

meesaw
Level 1

Sorry, I forgot to tell you that I am getting this error message in the logs:

PIX-3-305006: regular translation creation failed for icmp src xxxx dst xxxx(type 8, code 0)

husycisco
Level 7

Hi Waseem,

Please tell me which DMZ your web server is located in, its IP, and from which interface and IP you want to reach the web server.

Regards

My web server is in the PACS VLAN DMZ and my clients are in the EPCT DMZ. The web server IP is 10.150.61.41 and my EPCT subnet is 192.168.216.0/23. I want to configure access for all of EPCT to this web server.

static (EPCT,PACS_DATA) 192.168.216.0 192.168.216.0 netmask 255.255.254.0

access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www

access-group EPCT_in in interface EPCT

Adam, shouldn't it be as follows, since clients have to reach the web server?

static (EPCT,PACS_DATA) 10.150.61.41 10.150.61.41 netmask 255.255.255.255

access-list epct_access_in permit tcp 192.168.216.0 255.255.255.0 host 10.150.61.41 eq www

access-group epct_access_in in interface EPCT

(If you already have an ACL grouped to the interface, add the ACL in it; don't use the ACL name above.)

Regards

Any update here?
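
Added example (not part of any post in this thread): a small Python consistency check run over the commands quoted in the original question. It assumes PIX 6.3's `static (real_if,mapped_if) mapped_ip real_ip` argument order and that interface ACLs on this release match the mapped address; the function names and the `server_ip` parameter are made up for illustration.

```python
import re

# Constructed input: commands copied from the first post in this thread.
CONFIG = """\
nameif ethernet2 EPCT security9
nameif vlan486 PACS_DATA security16
static (PACS_DATA,EPCT) 192.168.217.13 10.150.61.68 netmask 255.255.255.255 0 0
access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www
"""

def parse(config):
    """Extract security levels, statics, ACL host destinations and ACL bindings."""
    cfg = {"levels": {}, "statics": [], "acl_hosts": {}, "bound": {}}
    for line in config.splitlines():
        if m := re.match(r"nameif \S+ (\S+) security(\d+)", line):
            cfg["levels"][m[1]] = int(m[2])
        elif m := re.match(r"static \((\w+),(\w+)\) (\S+) (\S+)", line):
            # Assumed PIX 6.3 order: (real_if,mapped_if) mapped_ip real_ip
            keys = ("real_if", "mapped_if", "mapped", "real")
            cfg["statics"].append(dict(zip(keys, m.groups())))
        elif m := re.match(r"access-list (\S+) permit \S+ .* host (\S+)", line):
            cfg["acl_hosts"].setdefault(m[1], set()).add(m[2])  # last "host" = destination
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            cfg["bound"][m[2]] = m[1]
    return cfg

def check(config, server_ip):
    """Return findings for publishing server_ip to a lower-security interface."""
    cfg, findings = parse(config), []
    lv = cfg["levels"]
    for s in cfg["statics"]:
        if lv.get(s["real_if"], 0) <= lv.get(s["mapped_if"], 0):
            findings.append(f"real interface {s['real_if']} is not higher-security than {s['mapped_if']}")
        if s["real"] != server_ip:
            findings.append(f"static translates {s['real']}, not the server {server_ip}")
        acl = cfg["bound"].get(s["mapped_if"])
        if acl is None:
            findings.append(f"no access-group binds an ACL inbound on {s['mapped_if']}")
        elif s["mapped"] not in cfg["acl_hosts"].get(acl, set()):
            findings.append(f"ACL {acl} does not permit the mapped address {s['mapped']}")
    return findings

if __name__ == "__main__":
    for finding in check(CONFIG, "10.150.61.41"):
        print(finding)
```

Run against the quoted commands with the server address given later in the thread (10.150.61.41), it reports that the static translates 10.150.61.68 and that no `access-group` line for EPCT appears in what was posted.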
