
External IP for internal machine on dmz

seannoah
Level 1

Scenario: What is the best way to assign an external IP address to an internal machine or firewall on the DMZ? This machine needs to have completely open access out and completely open access in (from the internet). What is the best way to do this and allow that access only to the one IP?


mike.scaggs
Level 1

First, why are you allowing full access inbound? If that's the case, set it outside the firewall and let the hackers go nuts...

If you need to translate the box from the DMZ to the outside, do the following.

static (dmz,outside) (public IP) (internal IP) netmask 255.255.255.255 0 1000

Remember, if you are private on the inside and private in the DMZ, you will need to set up some nonat rules so the inside can reach your DMZ, if that is permitted.

There is going to be a second firewall on the inside of the PIX. All traffic needs to pass through the first on the DMZ, but only for the firewall IP.

What about all traffic going out to the internet? What command for this?

The static command will normally also provide the outside access, as well as the inside access (assuming you have set up the appropriate access-list and security levels on your PIX).

Please provide your config if more help is needed

Regards,

Leo
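An added example, not part of the thread: a small Python check that reads a PIX 6.x-style configuration and reports which host statics are reachable on every protocol and port from any source through the ACL bound to the mapped interface. The sample configuration, the documentation addresses and the ACL name `outside_in` are constructed for illustration.

```python
import re

# Constructed PIX 6.x-style sample (documentation addresses, not from the thread).
SAMPLE_CONFIG = """\
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255 0 1000
static (dmz,outside) 203.0.113.11 192.168.50.11 netmask 255.255.255.255 0 1000
access-list outside_in permit ip any host 203.0.113.10
access-list outside_in permit tcp any host 203.0.113.11 eq 443
access-group outside_in in interface outside
"""

STATIC_RE = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)")
ACL_RE = re.compile(r"access-list (\S+) (permit|deny) (\S+) (.+)")


def take_addr(tokens):
    """Consume 'any', 'host A' or 'A MASK' from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return "any"
    return tokens.pop(0) if first == "host" else first + "/" + tokens.pop(0)


def audit(config):
    """List (public, private, acl) for host statics open to all IP from any source."""
    statics, acls, bound = [], {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            statics.append((m.group(2), m.group(3), m.group(4)))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)  # interface -> inbound ACL name
        elif m := ACL_RE.match(line):
            rest = m.group(4).split()
            src, dst = take_addr(rest), take_addr(rest)
            acls.setdefault(m.group(1), []).append(
                (m.group(2), m.group(3), src, dst, rest))
    findings = []
    for mapped_if, public, private in statics:
        acl = bound.get(mapped_if)
        for action, proto, src, dst, ports in acls.get(acl, []):
            # Only entries covering every protocol and source decide the result;
            # narrower entries (one port, one source, a subnet) are skipped.
            if dst in (public, "any") and proto == "ip" and src == "any" and not ports:
                if action == "permit":
                    findings.append((public, private, acl))
                break  # first matching entry wins, as on the firewall
    return findings


if __name__ == "__main__":
    for public, private, acl in audit(SAMPLE_CONFIG):
        print(f"{public} -> {private}: every protocol and port open via {acl}")
```

On the sample, only the first static is reported; the second is limited to TCP 443 and passes.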