How would I configure a host outside of my firewall to use a DMZ server as a gateway to the internet?
10.10.4.5 --- 10.10.4.1 (outside)pix--(dmz)192.168.1.1 ------192.168.1.10(gateway) ---- Internet
How would the host 10.10.4.5 use 192.168.1.10 to reach the internet?
What ACLs are needed?
What NAT is needed?
Please let me know if someone has been able to do this gateway config from
low security to high security to the net.
You have the internet on the DMZ (higher security level than the outside)? That is strange and not common.
You have to provide translation for all the internet hosts like google and yahoo when they respond to this host on the outside.
1. The outside ACL should allow the necessary access for this host to go out to the internet (ports 80 and 443 and others):
access-list outside permit tcp host 10.10.4.5 any eq 80
access-list outside permit tcp host 10.10.4.5 any eq 443
2. Now the translation:
nat (DMZ) 0 access-list nat_0
access-list nat_0 permit ip any host 10.10.4.5