Cisco Support Community

New Member

PIX 515E DMZ config

If the PIX has its inside interface on its own subnet, uplinked to a 4503 switch (10.10.10.0), and the workstations and servers are on different subnets (10.10.20.0, 10.10.30.0) and use the switch as their default gateway, how do you set up the NATing to allow access to servers in the DMZ from the inside interface?

Do I set up separate NAT

4 REPLIES
Silver

Re: PIX 515E DMZ config

First thing is getting your route inside statements right.

route inside 10.10.20.0 255.255.255.0 10.10.10.1

route inside 10.10.30.0 255.255.255.0 10.10.10.1

The above statements are assuming that your switch IP is 10.10.10.1.

Then I believe you must have already had nat (inside) 1 10.10.20.0 255.255.255.0 and nat (inside) 1 10.10.30.0 255.255.255.0 statements.

global (dmz) 1 interface or else type the address you want it to translate to.

That's all.

HTH

Hoogen
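The reply above relies on three things lining up: a route inside for every inside subnet behind the switch, a nat (inside) statement for each subnet, and a global (dmz) with the same NAT id. As an added example (not part of the original post), this Python check reads a PIX config and reports which of those pieces is missing; the interface addresses and the 192.168.50.0/24 DMZ subnet in the sample are assumptions.

```python
import ipaddress
import re

# Constructed sample config following the thread's addressing; the
# interface addresses and the 192.168.50.0/24 DMZ subnet are assumptions.
SAMPLE = """\
ip address inside 10.10.10.2 255.255.255.0
ip address dmz 192.168.50.1 255.255.255.0
route inside 10.10.20.0 255.255.255.0 10.10.10.1
nat (inside) 1 10.10.20.0 255.255.255.0
nat (inside) 1 10.10.30.0 255.255.255.0
global (dmz) 1 interface
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check(config, src="inside", dst="dmz"):
    """Return findings for src-side nat subnets that cannot reach dst."""
    connected, routes, nats, global_ids = None, [], [], set()
    for line in config.splitlines():
        f = line.split()
        if f[:3] == ["ip", "address", src] and len(f) == 5:
            connected = net(f[3], f[4])
        elif f[:2] == ["route", src] and len(f) >= 5:
            routes.append(net(f[2], f[3]))
        elif (f[:2] == ["nat", f"({src})"] and len(f) >= 5
              and f[3] != "access-list"):
            nats.append((f[2], net(f[3], f[4])))
        elif (m := re.match(rf"global\s*\({dst}\)\s+(\d+)\s", line)):
            global_ids.add(m.group(1))
    # Subnets the PIX can send return traffic to on the src interface.
    reachable = ([connected] if connected else []) + routes
    findings = []
    for nat_id, subnet in nats:
        if nat_id == "0":
            continue  # nat 0 is identity NAT and needs no global
        if not any(subnet.subnet_of(r) for r in reachable):
            findings.append(f"no route {src} covers {subnet}")
        if nat_id not in global_ids:
            findings.append(f"nat id {nat_id} has no global ({dst})")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SAMPLE)) or "ok")
```

The check covers routing and translation only; it does not look at access lists on either interface.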

New Member

Re: PIX 515E DMZ config

I have all of this and I still am unable to ping the DMZ interface, there is no host machine on the DMZ at the moment.

Shouldn't I be able to ping the DMZ interface though?

Silver

Re: PIX 515E DMZ config

Hey ..

You can't ping the DMZ interface IP from the inside network. This is not allowed. Please refer to the following link:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#pingsown

Try setting up a host on the DMZ network and check if pinging that works.

Hope that helps.

Regards,

Vibhor.

Cisco Employee

Re: PIX 515E DMZ config

Try this:

static (inside,dmz) 10.10.20.0 10.10.20.0

static (inside,dmz) 10.10.30.0 10.10.30.0

route inside 10.10.0.0 255.255.0.0

That should do it.

(Please rate if helped)

-Kanishka
