I've got a pix 515 with a dmz interface. I'm trying to do a relatively simple thing but my lack of experience with configuring a pix from scratch is showing. Please forgive the newbie nature of the question :).
On the DMZ I want to host 3 web servers and a video server. 2 of the web servers need to speak with a db server on the inside via 1433. The other web server is an OWA front-end server (Windows 2k) and needs to speak with a domain controller and mail server on the inside over a variety of ports.
The video server has no need to communicate to the inside.
I've created a set of rules and the result is that none of the web servers are accessible from the outside - in fact as far as I can tell, there is no communication from the DMZ to the outside whatsoever. I can't browse from the DMZ, I can't hit a DMZ server, I can't ping from the DMZ... - nothing.
The database server is accessible from the DMZ to the inside as well as DNS servers from the DMZ to the inside and I haven't tested owa. The problem is that I don't have much of a window of opportunity for installing/testing this - on the order of 2 hrs. I tried to install last night and basically my 2 hrs were up with no (very limited) success.
Following is the configuration (sanitized for public consumption). Anything jump out at anyone????
Thank you for your reply. I appreciate the well thought response. I am going to try to convert the conduit commands to their acl equivalents manually because at the moment I am a "registered guest" in Cisco's eyes.
The only thing that may not convert easily is this:
IP x.x.x.237 is static'd into 192.168.1.101 *except* port 5150 which is static'd into 10.1.1.101. Is this even do-able???