Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Accessing dmz server from inside using both global & local IP addresses

I have an FTP server in the DMZ with local address 172.22.1.11 and global 205.242.218.74. I configured static statements as follows:

static (DMZ,outside) 205.242.218.74 172.22.1.11 netmask 255.255.255.255 0 0

static (DMZ,inside) 205.242.218.74 172.22.1.11 netmask 255.255.255.255 0 0

I am able to access the server form outside & inside using global IP address but not local Ip address.

What do I need to access the ftp server using local Ip address from inside? Any help would be appreciated. Thanks

5 REPLIES
Community Member

Re: Accessing dmz server from inside using both global & local I

did you try:

static(dmz,inside)172.22.1.11 172.22.1.11

When I access dmz devices from my inside interface, I too use the real address and not the publicly nat'd one and that's how I do it.

Community Member

Re: Accessing dmz server from inside using both global & local I

Thanks for your response.

That will work if you only need to access the dmz server from inside. What I need is the ability to access the DMZ server using both global & local IP addresses from the inside network. Currently that is the way it is set up on a Checkpoint firewall from which I am migrating to a PIX.

Silver

Re: Accessing dmz server from inside using both global & local I

Hi,

I dont think that is possible. It is either or OR.

Thanks

Nadeem

Community Member

Re: Accessing dmz server from inside using both global & local I

trvenkatesan,

I have similiar situation like you, I need to access DMZ using public IP from inside and outside. Can you show me your configuration to do that? If you don't mind, please email the config to me thro nibiru01@yahoo.com. Appreciated your help.

Hope to hear from you soon.

Thanks.

Regards,

Alex

Community Member

Re: Accessing dmz server from inside using both global & local I

Alex,

You can use the following lines as an example to do that for a single host in the DMZ.

static (DMZ,outside) 170.2.2.1 192.168.1.10 netmask 255.255.255.255 0 0

static (DMZ,inside) 170.2.2.1 192.168.1.10 netmask 255.255.255.255 0 0

In the above lines, 192.168.1.10 is the DMZ address and 170.2.2.1 is the public (global) address. With these lines in the config, you will be able to access the server in the DMZ from outside and inside using the public (global) address of 170.2.2.1.

If you want to access the DMZ subnet then change the netmask and host address appropriately.

Hope this helps.

venkatesan

109
Views
0
Helpful
5
Replies
CreatePlease to create content