Route from DMZ to network connected to INSIDE

gecko2207 · ‎04-13-2007

I need to set up my PIX to route from my DMZ (10.10.50.0/24) to a network (192.168.10.0/24) that is connected to a switch on the inside network (10.10.100.0/24) via a router. The switch (10.10.100.2)on the inside network has a static route to the 192.168.10.0 network, and is the default gateway for the PCs on the inside network. The PIX is then the default gateway for the switch. The PCs on the inside network are able to access the 192.168.10.0 network and vice versa. I want to set it up so that the 192.168.10.0 network can access the servers in the DMZ and the DMZ servers can access servers on that network as well (with the correct access lists).

My question is, to set up to allow the 192.168.10.0 network to access my DMZ servers, will I need a static NAT statement such as:

static (inside,DMZ) 192.168.10.0 192.168.10.0 netmask 255.255.255.0,

and when entering the route for that network would I use the command:

route inside 192.168.10.0 255.255.255.0 10.10.100.2 1

or

route DMZ 192.168.10.0 255.255.255.0 10.10.100.2 1.

Also, is there anything else that I am forgetting (assuming the correct access lists are in place)?

acomiskey · ‎04-13-2007

Yes, you will need the static and the correct routing statement is route inside. Other than the acl into the DMZ interface that should do it.