12-18-2008 12:05 PM - edited 03-11-2019 07:27 AM
Hello - I am trying to set up (for the first time) a simple DMZ on my PIX 515. Here is the DMZ layout. I have a PIX 515 connected to a 2950 switch that has one server (for now) that I need to have the world access a webpage on. I thought I had it set up right, but I can't see it from the outside world, or from my private network behind the PIX. I can see the server from within the PIX. I am attaching my config, and any help would be great. I know I am probably missing a few things. Thanks!
12-18-2008 12:58 PM
Andy,
I am assuming that the web server that you are talking about is with the ip address 172.16.99.10. If so, the static looks good.
static (DMZ,outside) 72.93.X.6 172.16.99.10 netmask 255.255.255.255
But I don't see any access-list applied on the outside interface. You need to define an access-list to permit web traffic to this server.
Example:
access-list 100 permit tcp any host 72.93.X.6 eq 80
access-group 100 in interface outside
Regards,
Arul
*Pls rate all helpful posts*
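The check described in the reply above (a static translation is only reachable from the lower-security side when an access-group is applied inbound on that interface and its ACL permits the mapped address), written as a small config audit. This is an added example, not part of the original reply; the sample addresses are constructed placeholders, and the parser is a simplification that assumes the mapped interface is the lower-security one, ignores source-port clauses, and does not match destinations given as a network and mask.

```python
import re

# Constructed sample config modelled on the commands quoted in this thread;
# addresses are documentation-range placeholders, not the poster's.
SAMPLE = """\
static (DMZ,outside) 203.0.113.6 172.16.99.10 netmask 255.255.255.255
static (DMZ,outside) 203.0.113.7 172.16.99.11 netmask 255.255.255.255
access-list 100 permit tcp any host 203.0.113.6 eq 80
access-group 100 in interface outside
"""

STATIC = re.compile(r"static \((\S+?),(\S+?)\) (\S+) (\S+)", re.I)
GROUP = re.compile(r"access-group (\S+) in interface (\S+)", re.I)
ACE = re.compile(r"access-list (\S+) (?:extended )?permit (\S+) (.+)", re.I)

def _take_addr(tok):
    """Consume one address spec (any | host A | A MASK) from a token list."""
    if tok and tok[0].lower() == "any":
        return "any", tok[1:]
    if len(tok) >= 2:
        # "host A" -> A; "A MASK" -> "A/MASK" so it never equals a host address
        return (tok[1] if tok[0].lower() == "host" else "/".join(tok[:2])), tok[2:]
    return None, []

def audit_statics(config):
    """Return {mapped_ip: finding} for every static translation in config."""
    lines = [l.strip() for l in config.splitlines()]
    groups = {m[2].lower(): m[1] for m in map(GROUP.match, lines) if m}
    aces = {}  # ACL name -> [(protocol, destination, port clause)]
    for m in filter(None, map(ACE.match, lines)):
        _, rest = _take_addr(m[3].split())        # skip the source spec
        dst, ports = _take_addr(rest)
        aces.setdefault(m[1], []).append((m[2], dst, " ".join(ports)))
    findings = {}
    for m in filter(None, map(STATIC.match, lines)):
        _real_if, mapped_if, mapped_ip, _real_ip = m.groups()
        acl = groups.get(mapped_if.lower())
        rules = aces.get(acl, [])
        exact = [f"{p} {pc}".strip() for p, d, pc in rules if d == mapped_ip]
        if acl is None:
            findings[mapped_ip] = f"blocked: no access-group in interface {mapped_if}"
        elif exact:
            findings[mapped_ip] = "permitted: " + ", ".join(exact)
        elif any(d == "any" for _, d, _ in rules):
            findings[mapped_ip] = f"permitted by a broad 'any' rule in ACL {acl}"
        else:
            findings[mapped_ip] = f"blocked: ACL {acl} has no permit for this address"
    return findings

if __name__ == "__main__":
    for ip, finding in audit_statics(SAMPLE).items():
        print(ip, "->", finding)
```

The "broad" finding is worth reviewing as well as the "blocked" ones: a published server that is reachable only because of a permit to `any` is exposed on more ports than the single-service rule shown in the reply.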
12-23-2008 11:38 AM
Ok great!! It's working perfectly from outside now. Thank you.
Next - I need to have one server on my production network (192.168.2.8) talk to the server on the DMZ (172.16.99.10). How can I do that?
12-23-2008 11:58 AM
Hi,
Glad to be of help. Could you update the forum that the solution resolved the issue, so others who run into a similar issue can benefit from the post. Thanks!
If the prod network is on the inside interface:
static (inside,dmz) 192.168.2.8 192.168.2.8
By default, there are no ACLs applied on the inside interface. If you have configured one, make sure that you permit the necessary ports/protocols for this server.
Regards,
Arul
*Pls rate all helpful posts*
12-23-2008 12:00 PM
Thanks for your help!