
Let User at DMZ access Inside network

Hi,

How do I configure PIX 515E 6.3 to allow users in the DMZ to access the server on the Inside network?

3 REPLIES

Re: Let User at DMZ access Inside network

You need to allow that access on the ACL applied to the DMZ interface, and you also need to create a static NAT for your inside server, something like this:

static (inside,dmz) DMZ_IP_Address inside_IP_Address netmask 255.255.255.255

The access-list in this case needs to allow access from your DMZ users to inside_IP_address.


Re: Let User at DMZ access Inside network

Thanks for your reply.

With the configuration above, the users in the DMZ can only access the server on Inside by accessing DMZ_IP_Address. What if users in the DMZ need to access the server on Inside directly (inside_IP_Address)?

Re: Let User at DMZ access Inside network

Then you need to allow that access on the access list applied to the DMZ interface. You need to create a nat 0 instruction which will allow traffic from your DMZ hosts to the inside server:

nat (DMZ) 0 access-list 1

access-list 1 permit

NOTE: you might also need to add another nat 0 to the inside interface:

nat (inside) 0 access-list 2

access-list 2 permit <inside server>
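A fuller version of the NAT-exemption approach from the last reply, written as an added example that is not part of the original thread. The addresses (inside server 10.1.1.10, DMZ subnet 192.168.50.0/24), the ACL names, the interface names `inside` and `dmz`, and the single permitted service (TCP 80) are all assumptions; the `!` lines are annotations for the reader.

```cisco
! --- Assumed values: inside server 10.1.1.10, DMZ users 192.168.50.0/24 ---

! Exempt the inside server from translation when it talks to the DMZ subnet,
! so DMZ hosts reach it at its real address (inside_IP_Address).
access-list nonat_inside permit ip host 10.1.1.10 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat_inside

! The DMZ has a lower security level than inside, so nothing crosses
! until an ACL on the DMZ interface permits it.

! Too broad: lets any DMZ host reach every inside address on every port.
!   access-list dmz_in permit ip any any

! Narrow: only the DMZ user subnet, only the one server, only the one port.
access-list dmz_in permit tcp 192.168.50.0 255.255.255.0 host 10.1.1.10 eq 80
access-group dmz_in in interface dmz

! Checks after applying:
!   show access-list dmz_in    (hit counters confirm which entry matches)
!   show xlate                 (confirms how the server address is presented)
```

An ACL bound to the DMZ interface ends in an implicit deny, so any traffic the DMZ already sends to other interfaces needs its own permit entries in the same list.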
