Cisco Support Community
New Member

Configuring DMZ on PIX 515

Hey guys/gals:

I want to put a web server on my DMZ. I set up the IP address on the PIX's DMZ. How can I get my web server access to my inside network and vice versa? I don't know what to do next.

I already created a VLAN in my network for this network 172.16.0.0. This network is in the same network as the DMZ's IP.

Muchas Gracias

5 REPLIES
Green

Re: Configuring DMZ on PIX 515

So if you have something like

ip address dmz 172.16.0.1 255.255.255.0

ip address inside 192.168.1.1 255.255.255.0

To get the inside and dmz to talk you could add..

static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

To initiate communication from the dmz to the inside you will also need to create an ACL on the dmz. For instance, to get the dmz network to hit the inside network on port 80 and 443 it would look like this...

access-list dmz permit tcp 172.16.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 80

access-list dmz permit tcp 172.16.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 443

access-list dmz deny ip any 192.168.1.0 255.255.255.0

access-list dmz permit ip any any

access-group dmz in interface dmz

Please rate helpful posts.

New Member

Re: Configuring DMZ on PIX 515

Is this line correct? Or do these two networks need to be different?

static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

I don't understand this command. Thanks

Green

Re: Configuring DMZ on PIX 515

It's correct. It is so no NAT will take place between inside and dmz.

New Member

Re: Configuring DMZ on PIX 515

You also need to set up the devices on the DMZ with the default gateway to match that of the FW DMZ interface.

New Member

Re: Configuring DMZ on PIX 515

Hello,

I'm just curious about this command "access-list dmz permit ip any any"...is it really necessary?
