
New Member

Web Server access from one DMZ to other

I have a pair of Cisco PIX 525s running PIX version 6.3(4). I am trying to configure web server access from one DMZ interface to another. I tried a couple of scenarios but could not work it out.

The configuration I did is as follows:

1. Created the static NAT

static (PACS_DATA,EPCT) 192.168.217.13 10.150.61.68 netmask 255.255.255.255 0 0

2. Created the access list and NAT rule to exempt traffic from NAT

access-list EPCT_nat permit ip any 10.150.61.0 255.255.255.0

nat (EPCT) 0 access-list EPCT_nat

3. Created the access list to permit all the traffic to access web server

access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www

My firewall configurations are as follows:

nameif ethernet2 EPCT security9

nameif vlan486 PACS_DATA security16

global (EPCT) 1 interface

nat (EPCT) 1 192.168.216.0 255.255.254.0 outside 0 0

nat (PACS_DATA) 0 access-list PACS_DATA_NAT

Any help will be highly appreciated.

6 REPLIES
New Member

Re: Web Server access from one DMZ to other

Sorry, I forgot to tell you that I am getting this error message in the logs:

PIX-3-305006: regular translation creation failed for icmp src xxxx dst xxxx(type 8, code 0)

Re: Web Server access from one DMZ to other

Hi Waseem

Please tell me in which DMZ your webserver is located, its IP, and from which interface and which IP you want to reach the webserver.

Regards

New Member

Re: Web Server access from one DMZ to other

My webserver is in the PACS VLAN DMZ and my clients are in the EPCT DMZ. The webserver IP is 10.150.61.41 and my EPCT subnet is 192.168.216.0/23. I want to configure access for all of EPCT to this webserver.

Green

Re: Web Server access from one DMZ to other

static (EPCT,PACS_DATA) 192.168.216.0 192.168.216.0 netmask 255.255.254.0

access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www

access-group EPCT_in in interface EPCT

Re: Web Server access from one DMZ to other

Adam, shouldn't it be as follows, since clients have to reach the web server?

static (EPCT,PACS_DATA) 10.150.61.41 10.150.61.41 netmask 255.255.255.255

access-list epct_access_in permit tcp 192.168.216.0 255.255.255.0 host 10.150.61.41 eq www

access-group epct_access_in in interface EPCT

(If you already have an ACL grouped to the interface, add the entry to it; don't use the ACL name above.)

Regards

Re: Web Server access from one DMZ to other

Any update here?
