Cisco Support Community

New Member

Outside host needs to use dmz gateway for internet - pix 6.3

Hello Experts,

How would I configure a host outside of my firewall to use a dmz server as a gateway to the internet?

Example:

10.10.4.5 --- 10.10.4.1 (outside)pix--(dmz)192.168.1.1 ------192.168.1.10(gateway) ---- Internet

How would the host 10.10.4.5 use 192.168.1.10 to reach the internet?

What ACLs are needed?

What NAT is needed?

Please let me know if someone has been able to do this gateway config from low security to high security to the net.

Thank you,

Randall

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Outside host needs to use dmz gateway for internet - pix 6.3

You have the internet on the DMZ (higher security level than the outside)? That is strange and not common.

You have to provide translation for all the internet hosts like google and yahoo when they respond to this host on the outside.

1. The outside ACL should allow necessary access for this host to go out to the internet (port 80 and 443 and others)

access-list outside permit tcp host 10.10.4.5 any eq 80

access-list outside permit tcp host 10.10.4.5 any eq 443

2. Now the translation

nat (DMZ) 0 access-list nat_0

access-list nat_0 permit ip any host 10.10.4.5

-KS
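
A quick consistency check for the configuration in the answer above, as an added example that is not part of the original thread or Cisco's own tooling. It assumes full-keyword PIX 6.3 syntax and that an ACL only filters traffic once it is bound with an `access-group` line, which the thread does not show; the sample configuration is constructed from the answer's lines.

```python
import re

# Constructed sample: the ACL and NAT exemption lines from the answer,
# written with full keywords. No access-group line is present, as in the thread.
SAMPLE_CONFIG = """\
access-list outside permit tcp host 10.10.4.5 any eq 80
access-list outside permit tcp host 10.10.4.5 any eq 443
access-list nat_0 permit ip any host 10.10.4.5
nat (DMZ) 0 access-list nat_0
"""

def audit(config):
    """Return a list of findings for a PIX 6.3 style configuration."""
    defined, bound, nat_exempt, findings = {}, set(), set(), []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list\s+(\S+)\s+(permit|deny)\s+(.*)", line)
        if m:
            defined.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
            continue
        m = re.match(r"access-group\s+(\S+)\s+in\s+interface\s+\S+", line)
        if m:
            bound.add(m.group(1))
            continue
        m = re.match(r"nat\s+\(\S+\)\s+0\s+access-list\s+(\S+)", line)
        if m:
            nat_exempt.add(m.group(1))
    names = set(defined)
    # An ACL named by access-group or nat 0 must exist.
    for name in sorted((bound | nat_exempt) - names):
        findings.append(f"{name}: referenced but not defined")
    # An ACL that nothing references has no effect on traffic.
    for name in sorted(names - bound - nat_exempt):
        findings.append(f"{name}: defined but not applied")
    # On an interface-bound ACL, a permit with source 'any' is wider than
    # the single-host rules the answer gives for 10.10.4.5.
    for name in sorted(bound & names):
        for action, rest in defined[name]:
            if action == "permit" and re.match(r"\S+\s+any\s", rest):
                findings.append(f"{name}: permit with source 'any': {rest}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
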

2 REPLIES
New Member

Re: Outside host needs to use dmz gateway for internet - pix 6.3

Excellent answer, thank you :-)
