12-17-2005 09:05 AM - edited 03-09-2019 01:23 PM
how to configure access from DMZ to LAN
for the following.
DMZ 10.80.195.14 TO LAN 10.80.132.93 ON PORT 1521
DMZ 10.80.195.15 TO LAN 10.80.132.93 ON PORT 1521
DMZ 10.80.195.16 TO LAN 10.80.132.93 ON PORT 1521
12-19-2005 10:40 AM
Try something like the following:
static (inside,dmz) 10.80.132.93 10.80.132.93
!
access-list DMZ permit tcp host 10.80.195.14 host 10.80.132.93 eq 1521
access-list DMZ permit tcp host 10.80.195.15 host 10.80.132.93 eq 1521
access-list DMZ permit tcp host 10.80.195.16 host 10.80.132.93 eq 1521
12-19-2005 04:04 PM
on what occassions do we need to have a static.i understand that when accessing from low sec int to high sec int.but in some cases i ve seen static missing for low to high sec int.
should we need any one nat or ACL for high to low sec int access
thanks in adv
12-20-2005 06:18 AM
The static allows the PIX to answer for these devices. Thus, with this static, the devices on the DMZ would send requests directly to the IP Addresses of the inside. You use an ACL to control what devices and what protocols are allowed to "use" the static that you built.
You will probably need a NAT statement to go from the inside to the outside.
There is a lot of good documentation on Cisco's website regarding static and NAT usage.Hope this helps.
Cheers
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: