dmz to inside for terminal server only

Unanswered Question
Jun 26th, 2008

Hi!

Can anybody give me the config to allow clients coming from dmz 192.168.22.0 to access my terminal server (192.168.2.2) through the inside 192.168.2.3 interface of the PIX, and dmz to my ISP router (public IP) through the outside interface (public IP) of the PIX?

I read the doc Enable Comm Between Interface but could not find the specific config that I need.

Secondly, if I want to use dmz for a second internal network, then what security level should be used, since 100 is reserved for inside?

Thanks!

dhananjoy chowdhury Sat, 06/28/2008 - 06:42

hi,

I believe you have resolved this, as I could see a post for allowing DMZ to outside.

Anyway, here is the common setup

Outside- sec level 0

Inside - sec level 100

DMZ - sec level 50

Now for dmz (192.168.22.0) to access the terminal server inside (192.168.2.2), it requires an access list:

access-list dmz-inside-allow extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.2.2 eq 3389

access-group dmz-inside-allow in interface dmz

Marwan ALshawi Sun, 06/29/2008 - 20:31

try this

static (inside,DMZ) 192.168.2.2 192.168.2.2 netmask 255.255.255.255

Then make the same ACL mentioned in the previous post, which is

access-list dmz-inside-allow extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.2.2 eq 3389

access-group dmz-inside-allow in interface dmz

Then for DMZ to your ISP OUTSIDE interface, do the following

nat (DMZ) 1 192.168.22.0

global (outside) 1 interface

If you have a static IP from your ISP, you can put it instead of the interface word

Also, if you want access from inside to the internet,

add this command

nat (inside) 1 192.168.2.0

rate if helpful, and good luck
