
jkr
New Member

515E with dmz/vlan troubles

Hi,

I have a problem, which I hope you can help me with.

Let me first say that I only have public IP addresses configured on my PIX.

We have 4 different public nets, which are routed to a single IP (PIX outside).

To clarify my setup:

outside: 1.1.1.1/30

2.2.2.2/25 - 3.3.3.3/30 4.4.4.4/28 routed to my outside interface.

On the dmz interface I have created a VLAN with a security level lower than my dmz interface.

My problem lies in that I can't make any connections (besides ICMP) from the vlan interface to the dmz (or reverse).

I don't make use of NAT.

I already made static from dmz->vlan and vlan->dmz, but with no success.

Anyone know where I should start to find this problem?

2 REPLIES
Cisco Employee

Re: 515E with dmz/vlan troubles

You should start with the log messages on the PIX.

Could you please provide your partial config?

Thanks

Nadeem

jkr
New Member

Re: 515E with dmz/vlan troubles

Hi,

My log doesn't show anything useful. I can see it makes a connection, but that's it.

%PIX-6-302013: Built outbound TCP connection 775014 for vlan:x.x.x.x/80 (x.x.x.x/80) to dmz:y.y.y.y/3419 (y.y.y.y/3419)

interface ethernet2 100full

interface ethernet2 vlan5 logical

nameif ethernet2 dmz security4

nameif vlan5 vlan security3

access-list dmz_access_in permit ip any any

access-list vlan_access_in permit ip any any

static (vlan,dmz) x.x.x.x x.x.x.x 255.255.255.255 0 0

static (dmz,vlan) y.y.y.y y.y.y.y netmask 255.255.255.255 0 0
