
Attempt at easy DMZ

adcorbett_2
Level 1

Hello - I am trying to set up (for the first time) a simple DMZ on my PIX 515. Here is the DMZ layout. I have a PIX 515 connected to a 2950 switch that has one server (for now) that I need to have the world access a webpage on. I thought I had it set up right, but I can't see it from the outside world, or from my private network behind the PIX. I can see the server from within the PIX. I am attaching my config, and any help would be great. I know I am probably missing a few things. Thanks!


ajagadee
Cisco Employee

Andy,

I am assuming that the web server that you are talking about is with the ip address 172.16.99.10. If so, the static looks good.

static (DMZ,outside) 72.93.X.6 172.16.99.10 netmask 255.255.255.255

But, I don't see any access-list applied on the outside interface. You need to define an access-list to permit web traffic to this server.

Example:

access-list 100 permit tcp any host 72.93.X.6 eq 80

access-group 100 in interface outside

Regards,

Arul

*Pls rate all helpful posts*
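An added example, not part of the thread or of the poster's configuration: a small Python check of the rule in the reply above, that a static translation only becomes reachable once an access-list permitting the mapped address is bound to the interface with access-group. The address 203.0.113.6, the sample configs and the name `audit_statics` are constructed for illustration, and only the three statement forms quoted in this thread are parsed.

```python
import re

# Parses only the three statement forms quoted in this thread (a simplification).
STATIC = re.compile(r"static \(([^,\s]+),([^)\s]+)\) (\S+) (\S+)")
PERMIT = re.compile(r"access-list (\S+) permit (\S+) any host (\S+)(?: eq (\S+))?")
BIND = re.compile(r"access-group (\S+) in interface (\S+)")

def audit_statics(config):
    """Return (mapped_ip, real_ip, status) per static; status is for traffic arriving on the mapped interface."""
    statics, permits, bound = [], {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := STATIC.match(line):
            _real_if, mapped_if, mapped_ip, real_ip = m.groups()
            statics.append((mapped_if.lower(), mapped_ip, real_ip))
        elif m := PERMIT.match(line):
            acl, proto, host, port = m.groups()
            permits.setdefault(acl, {}).setdefault(host, []).append(f"{proto}/{port or 'any'}")
        elif m := BIND.match(line):
            bound[m.group(2).lower()] = m.group(1)  # interface -> ACL name
    report = []
    for mapped_if, mapped_ip, real_ip in statics:
        acl = bound.get(mapped_if)
        if acl is None:
            status = f"blocked: no access-group on {mapped_if}"
        elif mapped_ip not in permits.get(acl, {}):
            # The ACL must name the mapped (translated) address, as in the reply.
            status = f"blocked: access-list {acl} has no permit for {mapped_ip}"
        else:
            status = "exposed: " + ",".join(permits[acl][mapped_ip])
        report.append((mapped_ip, real_ip, status))
    return report

# Constructed sample configs; 203.0.113.6 is a placeholder public address.
BEFORE = "static (DMZ,outside) 203.0.113.6 172.16.99.10 netmask 255.255.255.255\n"
AFTER = BEFORE + (
    "access-list 100 permit tcp any host 203.0.113.6 eq 80\n"
    "access-group 100 in interface outside\n"
)
# Mistake case: the permit names the real DMZ address, not the mapped one.
WRONG = BEFORE + (
    "access-list 100 permit tcp any host 172.16.99.10 eq 80\n"
    "access-group 100 in interface outside\n"
)

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("wrong", WRONG)):
        print(name, audit_statics(cfg))
```

The "exposed" status lists every protocol/port the bound ACL opens to the mapped address, which doubles as a quick inventory of what the DMZ host offers to the outside.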

ok great!! It's working perfectly from outside now. Thank you.

Next - I need to have one server on my production network (192.168.2.8) talk to the server on the DMZ (172.16.99.10). How can I do that?

Hi,

Glad to be of help. Could you update the forum that the solution resolved the issue, so others who run into a similar issue can benefit from the post. Thanks!

If the prod network is on the inside interface:

static (inside,dmz) 192.168.2.8 192.168.2.8

By default, there are no ACLs applied on the inside interface. In case you have configured one, make sure that you permit the necessary ports/protocols for this server.

Regards,

Arul

*Pls rate all helpful posts*

Thanks for your help!
