
PAT ON FWSM

aksher
Level 1

How to configure access from DMZ to LAN for the following:

DMZ 10.80.195.14 TO LAN 10.80.132.93 ON PORT 1521

DMZ 10.80.195.15 TO LAN 10.80.132.93 ON PORT 1521

DMZ 10.80.195.16 TO LAN 10.80.132.93 ON PORT 1521

3 Replies

mklaphek
Level 1

Try something like the following:

static (inside,dmz) 10.80.132.93 10.80.132.93

!

access-list DMZ permit tcp host 10.80.195.14 host 10.80.132.93 eq 1521

access-list DMZ permit tcp host 10.80.195.15 host 10.80.132.93 eq 1521

access-list DMZ permit tcp host 10.80.195.16 host 10.80.132.93 eq 1521

On what occasions do we need to have a static? I understand that it is needed when accessing from a low sec int to a high sec int, but in some cases I've seen the static missing for low to high sec int.

Should we need any one NAT or ACL for high to low sec int access?

Thanks in adv

The static allows the PIX to answer for these devices. Thus, with this static, the devices on the DMZ would send requests directly to the IP Addresses of the inside. You use an ACL to control what devices and what protocols are allowed to "use" the static that you built.

You will probably need a NAT statement to go from the inside to the outside.

There is a lot of good documentation on Cisco's website regarding static and NAT usage. Hope this helps.

Cheers
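
The replies above describe two separate conditions for DMZ-to-inside traffic: a static that presents the inside host on the DMZ interface, and an ACL entry that permits the specific source, destination and port. The following Python sketch is an added example, not part of the original thread and not Cisco code; it checks a connection attempt against the configuration lines posted above. It assumes the ACL named DMZ is applied inbound on the dmz interface (the thread does not show that step), it parses only the host-to-host line forms used here, and 10.80.195.17 is a constructed address.

```python
import ipaddress

# Configuration lines copied from the reply in this thread.
CONFIG = """\
static (inside,dmz) 10.80.132.93 10.80.132.93
!
access-list DMZ permit tcp host 10.80.195.14 host 10.80.132.93 eq 1521
access-list DMZ permit tcp host 10.80.195.15 host 10.80.132.93 eq 1521
access-list DMZ permit tcp host 10.80.195.16 host 10.80.132.93 eq 1521
"""

def parse(config):
    """Parse only the two line shapes used above (host-to-host ACEs with 'eq')."""
    statics, aces = set(), []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 4 and tok[0] == "static":
            # static (real_if,mapped_if) mapped_ip real_ip
            mapped_if = tok[1].strip("()").split(",")[1]
            statics.add((mapped_if, ipaddress.ip_address(tok[2])))
        elif (len(tok) == 10 and tok[0] == "access-list"
              and tok[4] == tok[6] == "host" and tok[8] == "eq"):
            aces.append((tok[1], tok[2], tok[3], ipaddress.ip_address(tok[5]),
                         ipaddress.ip_address(tok[7]), int(tok[9])))
    return statics, aces

def check_flow(config, acl, in_if, proto, src, dst, port):
    """Return 'no-translation', 'permit' or 'deny' for one connection attempt.

    Assumption: ACL `acl` is applied inbound on interface `in_if`.
    """
    statics, aces = parse(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if (in_if, dst) not in statics:
        return "no-translation"      # inside host is not presented on this interface
    for name, action, a_proto, a_src, a_dst, a_port in aces:
        if (name, a_proto, a_src, a_dst, a_port) == (acl, proto, src, dst, port):
            return action            # first matching entry wins
    return "deny"                    # implicit deny at the end of every ACL

if __name__ == "__main__":
    for src in ("10.80.195.14", "10.80.195.15", "10.80.195.16", "10.80.195.17"):
        print(src, check_flow(CONFIG, "DMZ", "dmz", "tcp", src, "10.80.132.93", 1521))
    print("port 22:", check_flow(CONFIG, "DMZ", "dmz", "tcp", "10.80.195.14", "10.80.132.93", 22))
```

The three requested DMZ hosts are permitted to 10.80.132.93 on TCP 1521, while any other source or port falls through to the implicit deny, and removing the static line leaves the inside host unreachable regardless of the ACL.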
