
Accessing dmz server from inside using both global & local IP addresses

trvenkatesan
Level 1

I have an FTP server in the DMZ with local address 172.22.1.11 and global 205.242.218.74. I configured static statements as follows:

static (DMZ,outside) 205.242.218.74 172.22.1.11 netmask 255.255.255.255 0 0

static (DMZ,inside) 205.242.218.74 172.22.1.11 netmask 255.255.255.255 0 0

I am able to access the server from outside and inside using the global IP address but not the local IP address.

What do I need to access the FTP server using the local IP address from inside? Any help would be appreciated. Thanks.

5 Replies

bfl1
Level 1

Did you try:

static (dmz,inside) 172.22.1.11 172.22.1.11

When I access DMZ devices from my inside interface, I too use the real address and not the publicly NAT'd one, and that's how I do it.

Thanks for your response.

That will work if you only need to access the dmz server from inside. What I need is the ability to access the DMZ server using both global & local IP addresses from the inside network. Currently that is the way it is set up on a Checkpoint firewall from which I am migrating to a PIX.

Hi,

I don't think that is possible. It is either/or.

Thanks

Nadeem

trvenkatesan,

I have a similar situation to yours: I need to access the DMZ using the public IP from inside and outside. Can you show me your configuration to do that? If you don't mind, please email the config to me through nibiru01@yahoo.com. I appreciate your help.

Hope to hear from you soon.

Thanks.

Regards,

Alex

Alex,

You can use the following lines as an example to do that for a single host in the DMZ.

static (DMZ,outside) 170.2.2.1 192.168.1.10 netmask 255.255.255.255 0 0

static (DMZ,inside) 170.2.2.1 192.168.1.10 netmask 255.255.255.255 0 0

In the above lines, 192.168.1.10 is the DMZ address and 170.2.2.1 is the public (global) address. With these lines in the config, you will be able to access the server in the DMZ from outside and inside using the public (global) address of 170.2.2.1.

If you want to access the DMZ subnet then change the netmask and host address appropriately.

Hope this helps.

venkatesan