10-11-2006 01:22 AM - edited 02-21-2020 01:13 AM
People,
I have been asked a question about a Cisco PIX (I do not know what model it is) of which I have very, very limited knowledge. The person asking me the question is helping someone else! I apologise in advance for the lack of information here, but I'm hoping someone that has expert PIX skills will be able to diagnose the potential problem, or ask me the question to ask down the chain to get this fixed. The question they asked me was:
"cannot get NAT to work properly between the DMZ and other ports"
I know this is very sketchy, but because I am not a firewall or security guy I'm not sure what I am looking for or what other questions I need to ask. I do however have a copy of the config; if anyone can help, one would really appreciate it.
Attached is config.
10-11-2006 03:41 AM
I don't know what "DMZ and other ports" means,
but there is a strange DMZ NAT configuration:
global (dmz1) 1 10.30.30.100
nat (dmz1) 1 10.30.30.0 255.255.255.0 0 0
It means that hosts on DMZ1 are NATed to an IP from the same range,
e.g. host 10.30.30.10 is NATed to 10.30.30.100, and furthermore host 10.30.30.100 is "NATed" to 10.30.30.100... It could be a problem... Why is it configured like this? What is the role of the DMZ hosts, where should they access, and from where should those hosts be accessible?
M.
Hope that helps, rate if it does
10-11-2006 04:56 AM
I think the above is not an issue.
However, the below is an issue;
static (dmz1,outside) 20.20.20.252 switch1 netmask 255.255.255.255 0 0
static (dmz1,outside) 20.20.20.22 switch1 netmask 255.255.255.255 0 0
I believe it should be;
static (dmz1,outside) 20.20.20.252 switch1 netmask 255.255.255.255 0 0
static (dmz1,outside) 20.20.20.22 nlbweb1 netmask 255.255.255.255 0 0
Let us know if it helps,
Paul
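Added example, not part of any post in this thread: a small Python check that reads PIX-style `static`, `global` and `nat` lines and reports the two patterns raised in the replies (one real host behind several mapped addresses, and a `global` pool address that sits inside the `nat` source range on the same interface). The function name `review_nat` and the finding labels are hypothetical, and the sample config is constructed from the lines quoted above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, assembled from the config lines quoted in the thread.
SAMPLE = """\
global (dmz1) 1 10.30.30.100
nat (dmz1) 1 10.30.30.0 255.255.255.0 0 0
static (dmz1,outside) 20.20.20.252 switch1 netmask 255.255.255.255 0 0
static (dmz1,outside) 20.20.20.22 switch1 netmask 255.255.255.255 0 0
"""

IPV4 = r"\d+\.\d+\.\d+\.\d+"
STATIC = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+)")
GLOBAL = re.compile(rf"^global \((\S+)\) (\d+) ({IPV4})")
NAT = re.compile(rf"^nat \((\S+)\) (\d+) ({IPV4}) ({IPV4})")

def review_nat(config):
    """Return (kind, detail) findings for a PIX-style config text."""
    statics = defaultdict(list)  # (real_if, mapped_if, real host) -> mapped IPs
    pools, nats = [], []         # (interface, nat id, address or network)
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            real_if, mapped_if, mapped, real = m.groups()
            statics[(real_if, mapped_if, real)].append(mapped)
        elif m := GLOBAL.match(line):
            pools.append((m[1], m[2], ipaddress.ip_address(m[3])))
        elif m := NAT.match(line):
            net = ipaddress.ip_network(f"{m[3]}/{m[4]}", strict=False)
            nats.append((m[1], m[2], net))
    findings = []
    # Pattern from Paul's reply: same real host in more than one static.
    for (_, _, real), mapped in statics.items():
        if len(mapped) > 1:
            findings.append(("duplicate-real-host", f"{real} -> {', '.join(mapped)}"))
    # Pattern from M.'s reply: pool address inside the nat range, same interface/id.
    for g_if, g_id, addr in pools:
        for n_if, n_id, net in nats:
            if (g_if, g_id) == (n_if, n_id) and addr in net:
                findings.append(("pool-in-source-range", f"{addr} in {net} on {g_if}"))
    return findings

if __name__ == "__main__":
    for kind, detail in review_nat(SAMPLE):
        print(f"{kind}: {detail}")
```

Findings are prompts for review, not verdicts: whether either pattern is intended depends on what the DMZ hosts are supposed to reach.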