problems routing to DMZ from outside

banalas_2 · ‎02-25-2003

i have PIX Firewall with three interfaces, Problem routing to DMZ

router---PIX----DMZ another interface to to inside

i have class c addresss from my ISP i subneted into 2 network with 255.255.255.128 first rang of addressx.x.x.1- x.x.x.126 is used for outside side interface of PIX which is connected to router and i used x.x.x128 - x.x.x.254 to DMZ i can ping any host or i cannot connect to any host on DMZ

how to route between these 2 networks

thanks in advance

thisisshanky · ‎02-25-2003

From which network are you trying to access the DMZ ??

From the inside or outside....

From outside, you need a conduit or access-list configured to allow connection from outside to dmz.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

banalas_2 · ‎02-25-2003

from outside i have the following accessl ist on the out side interface of PIX

access-list outside_access_in permit tcp any host x.x.x.130 eq smtp

access-list outside_access_in permit tcp any host x.x.x131 eq smtp

access-list outside_access_in permit udp any host x.x.x.130 eq domain

access-list outside_access_in permit udp any host x.x.x.131 eq domain

access-list outside_access_in permit icmp any any

access-list outside_access_in deny ip any any

thisisshanky · ‎02-25-2003

Have you applied this access-list on the outside interface as follows?

access-group outside_access_in in interface outside

Also check if there is a static translation for the ip addresses x.x.x.130, x.x.x.131 into the local ip addresses of the servers in the DMZ. (Use static command)

This link might help!

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus