06-26-2008 03:15 AM - edited 03-11-2019 06:05 AM
Hi!
Can anybody give me the config to allow clients coming from DMZ 192.168.22.0 to access my terminal server (192.168.2.2) through the inside interface (192.168.2.3) of the PIX, and from the DMZ to my ISP router (public IP) through the outside interface (public IP) of the PIX?
I read the doc Enable Comm Between Interface but could not find the specific config that I need.
Secondly, if I want to use the DMZ for a second internal network, then what security level should be used, since 100 is reserved for inside?
Thanks!
06-28-2008 06:42 AM
hi,
I believe you have resolved this, as I could see a post for allowing DMZ to outside.
Anyway, here is the common setup:
Outside- sec level 0
Inside - sec level 100
DMZ - sec level 50
Now for dmz (192.168.22.0) to access the terminal server inside (192.168.2.2), it requires an access list:
access-list dmz-inside-allow extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.2.2 eq 3389
access-group dmz-inside-allow in interface dmz
06-29-2008 08:31 PM
try this
static (inside, DMZ) 192.168.2.2 192.168.2.2 mask 255.255.255.255
then make the same ACL mentioned in the previous post, which is
access-list dmz-inside-allow extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.2.2 eq 3389
access-group dmz-inside-allow in interface dmz
then for DMZ to your ISP OUTSIDE interface do the following
nat (DMZ) 1 192.168.22.0
global (outside) 1 interface
if you have a static IP from your ISP you can put it instead of the interface word
also if you want access from inside to the internet
add this command
nat (inside) 1 192.168.2.0
rate if helpful, and good luck