Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

dmz setup

Hi all when I setup dmx in my pix for internet web servers, would I nat these ? or put them on public ip ? and to reach these from internal would I just route to the lan interface of my pix ?

3 REPLIES

Re: dmz setup

Hi carl,

For the servers hosted in DMZ, you have to static nat them to a public IP in order to be accesible from outside and then use an access-list on the outside interface to allow the traffic for that server from the internet or outside world.

here is a smaple config :

For example you server 1.1.1.1 is hosted in DMZ and you want to access it from the internet with public ip x.x.x.x

PIX config :

static (dmz, outside) x.x.x.x 1.1.1.1

access-list 101 permit tcp any host 1.1.1.1

access-group 101 in interface outside

This should work for you.

HTH, Please rate if it does.

-amit singh

New Member

Re: dmz setup

is this not natted the other way around, I thought you do ip nat inside source static 1.1.1.1 213.44.44.44 etc ?

Re: dmz setup

Hi Carl

In pix teminology its different.it refers to traffic from a more secure interface to lower security interface.

Thanks

Mahmood

110
Views
0
Helpful
3
Replies
CreatePlease login to create content