Access from lower to higher security interface (PIX 520 Version 6)
I'm trying to permit traffic from a lower security interface (i.e. DMZ) to a higher security interface (i.e. Inside). I want Servers on the DMZ to connect to Servers on the inside network using the inside Server's IP address, not a NAT'd one.

I can do this by creating a static rule, mapping <inside Server IP address> to <inside Server IP address>, and creating associated access-lists. However, I do not want to have to create a static for every Server I'm likely to want to access on the inside network.

I need to find the answers to the following:

Qu.1: It's been suggested to me to use a NAT 0. Does this only apply to traffic going from a higher to lower security interface, not the other way round?

Qu.2: Is the only way to go from a lower security interface to a higher one via the static command?
Re: Access from lower to higher security interface (PIX 520 Vers
I don't think that nat 0 is appropriate here, but you can use a subnet mask when setting up your static. This should simplify your configuration somewhat. Similarly, your access-lists can be set up to use a subnet mask (instead of individual hosts).
I think this is the way to do it -- someone please correct me if I'm wrong!
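The subnet-mask approach from the reply above, written out as an added example (not configuration posted by either participant). The subnets, host addresses, ports and the ACL name `dmz_in` are constructed for illustration; the interface names `inside` and `dmz` are assumed from the question.

```cisco
: Constructed addressing (assumption): inside = 10.1.1.0/24, dmz = 172.16.1.0/24

: Per-server form described in the question: one identity static per inside
: host. Shown commented out for comparison only.
: static (inside,dmz) 10.1.1.10 10.1.1.10 netmask 255.255.255.255
: static (inside,dmz) 10.1.1.11 10.1.1.11 netmask 255.255.255.255

: Subnet form suggested in the reply: a single identity static maps the whole
: inside subnet to itself, so DMZ hosts address inside servers by their real IPs.
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0

: The static only makes the addresses reachable from the dmz interface.
: The access-list decides what is actually allowed, so keep it to the
: DMZ sources, inside destinations and ports that are needed.
access-list dmz_in permit tcp 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0 eq 1433
access-list dmz_in permit tcp host 172.16.1.20 host 10.1.1.10 eq 443

: Bind the access-list to traffic entering the dmz interface.
access-group dmz_in in interface dmz
```

Once an access-list is bound to the dmz interface, everything the DMZ hosts initiate through the firewall, including traffic toward lower security interfaces, must be permitted by that same list.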