I have 2 Cisco PIX 525s configured as an Active/Standby failover pair. There are DMZ interfaces on both members of the failover pair, configured for protecting web and mail servers. The inside interfaces are connected to a backbone/core switch. Many user hosts are in different VLANs on this core switch.
My problem is that I need to allow a specific host in a specific VLAN to manage the DMZ servers using remote desktop, ping, telnet, etc.
Of course, my first step was to create a static NAT for this specific host to gain access to the DMZ server subnet. Then, I created an access-list to allow the protocols I mentioned above. However, the host is still not able to access the DMZ subnet.
When I run a 'tracert' command from this Windows host to the web server, I noticed the first hop was the VLAN interface and then the packet dies. The default gateway for all the VLANs is the primary PIX inside interface and they all access the internet properly.
Are there any other things that I must use other than NAT and an access-list? Or is there something that I must create in the core switch?
You just need a static translation for the inside host like the one below. You don't need to configure an ACL for the inside host to access devices on DMZ as the inside interface has higher security than DMZ. If you already have an ACL applied on the inside interface then make sure the traffic from the inside host to DMZ isn't blocked.
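The configuration below is an added illustration of the answer above, not the answerer's own snippet and not taken from the original thread. All addresses and names are constructed for the example: the management host is assumed to be 192.168.10.25 on the inside, the DMZ subnet 172.16.1.0/24, and the syntax is PIX 6.x style with the usual security levels (inside 100, dmz 50, outside 0). The identity static is what lets the inside host be reached from, and reach, the lower-security DMZ; the ACL lines only matter if an access-group is already applied inbound on the inside interface.

```cisco
! Added example configuration (constructed addresses, not the poster's network).
! Assumed security levels: inside is more trusted than dmz, so inside -> dmz
! traffic is allowed without an ACL once a translation exists.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

! Identity static: present the inside host to the DMZ with its real address.
! Without a translation (static, or nat/global, or nat 0) the PIX drops the
! flow, which matches the "first hop then nothing" seen in tracert.
static (inside,dmz) 192.168.10.25 192.168.10.25 netmask 255.255.255.255

! Only needed if an ACL is already applied inbound on inside. Keep the permits
! for the management protocols above any broader deny in the same list.
access-list inside_in permit tcp host 192.168.10.25 172.16.1.0 255.255.255.0 eq 3389
access-list inside_in permit tcp host 192.168.10.25 172.16.1.0 255.255.255.0 eq telnet
access-list inside_in permit icmp host 192.168.10.25 172.16.1.0 255.255.255.0
access-group inside_in in interface inside

! Verification: the translation must show up, and the ACL hit counters should
! increment while the management host generates traffic.
show xlate
show access-list inside_in
```

Two practical checks when it still fails: first, `show xlate` must list an entry for the host after it sends traffic; if it does not, the translation is the problem rather than the ACL. Second, on PIX 6.x ICMP is not tracked statefully (it is an assumption here that the poster runs 6.x; 7.x and later can enable `inspect icmp`), so the echo replies coming back from the DMZ also have to be permitted inbound on the dmz interface, otherwise ping fails even though RDP and telnet, which are stateful TCP, work.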