I have a public /24 address range that i want to apply to a DMZ on a pix 515. The outside interface on the pix is connected to a Cisco router using an private address 10.x.x.x This router is running bgp and eigrp. I need to advertise the DMZ range in BGP and allow traffic from the internet to the DMZ on the pix.The issue i seem to be having is getting the traffic from the router to the DMZ. At the moment there are no access-lists in place anywhere and the router has routes to the pix. By debugging icmp on the pix i can see the inbound icmp traffic hitting the pix ok but the pix doesnt reply. I have tried this with static and eigrp routes on both the router and pix.
If you don't apply an ACL on the outside interface (lower security) how will it communicate with the DMZ interface (higher security)? Also by the PIX/ASA rules you will not be able to ping the DMZ interface itself from the Router on the outside, Try to ping something 'behind' the DMZ interface, like a web-server etc.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...