Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

DMZ access to Internet and Inside


I used a sample config to ask this question so I would not have to post my customers config. My question is: With this setup will the server on the DMZ be able to browse the internet? And will the inside users be able to get to the DMZ.

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz security50

hostname pixfirewall


name webserver

access-list acl_out permit icmp any any

access-list acl_out permit tcp any host 209.x.x.6 eq 80

access-list ping_acl permit icmp any any

pager lines 24

logging buffered debugging

interface ethernet0 100basetx

interface ethernet1 100basetx

interface ethernet2 100basetx

mtu outside 1500

mtu inside 1500

mtu dmz 1500

ip address outside 209.x.x.x.x.255.224

ip address inside

ip address dmz 192.x.x.x.x.255.0

no failover

arp timeout 14400

global (outside) 1 209.x.x.x.165.201.30

global (outside) 1 x.x.201.5

global (dmz) 1

nat (inside) 1

nat (dmz) 1 192.x.x.x.255.255.0

static (dmz,outside) 209.x.x.6 webserver netmask

access-group acl_out in interface outside

access-group ping_acl in interface inside

access-group ping_acl in interface dmz

no rip inside passive

no rip outside passive

no rip inside default

no rip outside default

route outside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00

udp 0:02:00 rpc 0:10:00 h323 0:05:00

sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

no snmp-server location

no snmp-server contact

snmp-server community public


telnet timeout 15

New Member

Re: DMZ access to Internet and Inside

Sorry that should have been

global (outside) 1

global (outside) 1

global (dmz) 1

nat (inside) 1

nat (dmz) 1

CreatePlease to create content