Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PAT ON FWSM

how to configure access from DMZ to LAN

for the following.

DMZ 10.80.195.14 TO LAN 10.80.132.93 ON PORT 1521

DMZ 10.80.195.15 TO LAN 10.80.132.93 ON PORT 1521

DMZ 10.80.195.16 TO LAN 10.80.132.93 ON PORT 1521

3 REPLIES
New Member

Re: PAT ON FWSM

Try something like the following:

static (inside,dmz) 10.80.132.93 10.80.132.93

!

access-list DMZ permit tcp host 10.80.195.14 host 10.80.132.93 eq 1521

access-list DMZ permit tcp host 10.80.195.15 host 10.80.132.93 eq 1521

access-list DMZ permit tcp host 10.80.195.16 host 10.80.132.93 eq 1521

New Member

Re: PAT ON FWSM

on what occassions do we need to have a static.i understand that when accessing from low sec int to high sec int.but in some cases i ve seen static missing for low to high sec int.

should we need any one nat or ACL for high to low sec int access

thanks in adv

New Member

Re: PAT ON FWSM

The static allows the PIX to answer for these devices. Thus, with this static, the devices on the DMZ would send requests directly to the IP Addresses of the inside. You use an ACL to control what devices and what protocols are allowed to "use" the static that you built.

You will probably need a NAT statement to go from the inside to the outside.

There is a lot of good documentation on Cisco's website regarding static and NAT usage.Hope this helps.

Cheers

298
Views
0
Helpful
3
Replies