I have a remote office with a WLAN and a wired LAN and a Cisco PIX 506 between them. The link and routing from the remote office LAN to the head office LAN is ISP managed with no firewall between the two locations. At head office there is Cisco PIX 515 separating the LAN from DMZ and Internet.
I am trying to set up routing and access rules for a laptop on the remote office WLAN to access a web server in the head office DMZ. I can get from the remote WLAN to head office LAN, but not DMZ (or I am getting there, but the web server response is not getting back). I can get from my computer on head office LAN back to remote office WLAN. I believe this tells me that the ISP routers are okay because they are routing between both LANs. I am struggling with the static route and rules needed on the head office FW to allow the DMZ web server to respond back to the remote WLAN.
I am new to PIX and have been learning in the PDM but have not resolved my scenario to work and now decided I need to learn the command line so I know what commands are being initiated from actions in the GUI. I believe I know what I need in theory, but think that I am failing with my settings and have been going in circles with trial and error lately.
What I am looking for is a recommendation on the static routes, access rules and NATs you think are needed on both firewalls. I would really appreciate any help as I have been at this for several days and am just lacking the experience.
Remote WLAN: 172.17.4.0
Remote LAN: 172.20.4.0
Remote FW Outside: 172.17.4.60
Remote FW Inside: 172.20.4.70
Remote FW Inside Gateway: 172.20.4.100
ISP Managed Router on Remote LAN: 172.20.4.100
Laptop on WLAN: 172.17.4.80
Laptop GW: 172.17.4.60 (Firewall Outside)
NAT for Web Server in DMZ: 172.17.4.7
Head office LAN: 172.20.8.0
Head office DMZ: 192.168.12.0
HO FW Inside: 172.20.8.65
HO DMZ: 192.168.12.10
HO FW Inside Gateway: 172.20.8.100
ISP Managed Router on Head office LAN: 172.20.8.100