Pix515e

Jul 16th, 2002
I have a customer with a PIX 515E which I recently configured using a combination of access lists and conduits. The customer has an unusual request. From the inside interface I can access the DMZ ok, and from the outside I can access the DMZ as well. The customer wants the ability to access the inside from the DMZ. I believe that this cannot be done as I have tried conduit and access-lists with no success. In addition, I do not think this to be a good idea given the risks involved with access from a DMZ to an inside interface. Your thoughts?

anavarro Tue, 07/16/2002 - 09:10
I don't see why you would use access-list and conduits simultaneously, but either way since the dmz has lower security than the inside you would apply an access-list on the dmz interface specifying the services needed to enter the inside, just like you would for outside to dmz. You would also need static mappings to the inside hosts that need to be accessed. But I would not allow the entire inside to be accessed by the dmz.
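
The approach described in the reply above, written out as an added PIX configuration sketch that is not part of the original thread. The addresses, the SQL port, and the ACL name `dmz_in` are constructed for illustration; the interface names `inside` and `dmz` are assumed to match the `nameif` settings, and the existing `nat`/`global` rules for DMZ-to-outside traffic are assumed to be in place.

```cisco
! Constructed addressing (assumption): inside 10.1.1.0/24, dmz 172.16.1.0/24.
! One DMZ server (172.16.1.10) needs one service on one inside host (10.1.1.20).

! Static mapping: present the single inside host to the dmz at its own address.
! Only this host becomes reachable, not the whole inside network.
static (inside,dmz) 10.1.1.20 10.1.1.20 netmask 255.255.255.255 0 0

! Permit only the required service, from the one DMZ host to the one inside host.
access-list dmz_in permit tcp host 172.16.1.10 host 10.1.1.20 eq 1433

! Explicitly drop every other DMZ packet aimed at the inside network.
! This line must come before the broader permit that follows.
access-list dmz_in deny ip any 10.1.1.0 255.255.255.0

! An ACL bound to an interface ends in an implicit deny, so DMZ traffic
! to other destinations has to be permitted here or it stops working.
access-list dmz_in permit ip 172.16.1.0 255.255.255.0 any

! Bind the list to traffic entering the dmz interface.
access-group dmz_in in interface dmz
```

Entries are matched top down, so the order of the three `access-list` lines is what keeps the final permit from opening the rest of the inside network to the DMZ.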
