12-06-2007 04:25 AM - edited 03-11-2019 04:39 AM
I have a pair of Cisco PIX 525s with PIX version 6.3 (4). I am trying to configure web server access from one DMZ interface to another. I tried a couple of scenarios but could not work it out.
The configuration I did is as follows:
1. Create the static nat
static (PACS_DATA,EPCT) 192.168.217.13 10.150.61.68 netmask 255.255.255.255 0 0
2. Created the access list and nat to exempt from the nat
access-list EPCT_nat permit ip any 10.150.61.0 255.255.255.0
nat (EPCT) 0 access-list EPCT_nat
3. Created the access list to permit all the traffic to access web server
access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www
My firewall configurations are as follows:
nameif ethernet2 EPCT security9
nameif vlan486 PACS_DATA security16
global (EPCT) 1 interface
nat (EPCT) 1 192.168.216.0 255.255.254.0 outside 0 0
nat (PACS_DATA) 0 access-list PACS_DATA_NAT
Any help will be highly appreciated.
12-06-2007 10:31 AM
Sorry, I forgot to tell you I am getting this error message in the logs:
PIX-3-305006: regular translation creation failed for icmp src xxxx dst xxxx(type 8, code 0)
12-11-2007 01:49 AM
Hi Waseem
Please tell me in which DMZ your webserver is located, its IP, and from which interface and which IP you want to reach the webserver.
Regards
12-11-2007 10:21 AM
My webserver is in the PACS VLAN DMZ and my clients are in the EPCT DMZ. The webserver IP is 10.150.61.41 and my EPCT subnet is 192.168.216.0/23. I want to configure access for all of EPCT to this webserver.
12-11-2007 10:35 AM
static (EPCT,PACS_DATA) 192.168.216.0 192.168.216.0 netmask 255.255.254.0
access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www
access-group EPCT_in in interface EPCT
12-11-2007 12:13 PM
Adam, shouldn't it be as follows, since the clients have to reach the web server?
static (EPCT,PACS_DATA) 10.150.61.41 10.150.61.41 netmask 255.255.255.255
access-list epct_access_in permit tcp 192.168.216.0 255.255.255.0 host 10.150.61.41 eq www
access-group epct_access_in in interface EPCT
(If you already have an ACL grouped to the interface, add the ACL entry to it; don't use the ACL name above.)
Regards
12-12-2007 02:05 PM
Any update here?