05-09-2003 06:09 AM - edited 03-09-2019 03:13 AM
I am new to PIX and appreciate any help!
I have an email server on my dmz(20). I want to access from ccl(80) interface.
alias (CCL) 168.X.X.X(global ip of email server on dmz) 192.168.X.X (NATed static IP of email server on dmz)255.255.255.255.
Will this allow people on the ccl to communicate with email server on the dmz.
Do I need to add a static (CCL,DMZ) 192.168.X.X 192.168.X.X netmask 255.255.255.0
05-09-2003 10:34 AM
Hi,
to allow access from a higher (80) to a lower (20) security level you only need a translation command.
So the alias command is not necessary for this.
For the translation commands, you can choose between these:
-- NAT and GLOBAL command
nat (inside) 1 192.168.x.x 255.255.255.0
global (dmz) 1 interface
-- STATIC command
static (inside,outside) .... please have a look at the command reference for the syntax
Make sure you don't have an access-list bound to your inside interface that is blocking the traffic.
Kind Regards,
Tom
05-10-2003 12:06 AM
Are you accessing your mail server from ccl using the domain-name and the DNS server is on outside (ISP)? Should that the case, then your alias looks good, you will not need the static (CCL,DMZ).
However, if you just want to access the mail server using its own private address then all you need is nat--global.
Thanks,
Mynul
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: