
Passing traffic from dmz1 to dmz2 using a PIX 515 - IOS 6.22

I have a PIX 515 with 6 interfaces (4 DMZs). Users on the inside can pass traffic to the outside. Internet users can access a web server in dmz2. But the web server on dmz2 can't initiate sessions to dmz1.

Dmz1 has a security level of 80 and dmz2 40.

I know that when a session originates from a lower security interface to a higher security interface, there should be a static rule.

Example:

static (dmz1,dmz2) 192.168.2.22 192.168.1.2 netmask 255.255.255.255

access-list acl_dmz2 permit tcp any host 192.168.2.22 eq www

access-group acl_dmz2 in interface dmz2

This is not working on my PIX... any idea?

1 REPLY

Re: Passing traffic from dmz1 to dmz2 using a PIX 515 - IOS 6.22

Does 192.168.2.22 know how to get to 192.168.1.2? Make sure you have a route for that.

-rgrcommo
