New Member

PIX 525

Hello All,

I have a dmz interface running on network 192.168.2.0 and an inside network running on 192.168.1.0. I want all of my devices on the dmz to connect to devices on the inside network. What conduit commands could I use in conjunction with the command below to open the whole network from dmz to inside?

static (inside, dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

1 REPLY
New Member

Re: PIX 525

Hi,

That kind of configuration is completely insecure. What you want is to completely open your internal network from the DMZ, and the DMZ, by definition, is open to the Internet, so internal nets will be open to the Internet through the DMZ servers. Of course, it's possible to do that, but you shouldn't. But if you absolutely want that config, move your servers to inside and kill your DMZ network; you don't need it anymore. Don't forget, F/Ws aren't miracle boxes against hackers. They just filter out some attacks based on the security you have configured on them. So, a f/w is as good as the person who has configured it.

If you want some advice on this subject, you can contact me directly.

Ben
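
The concern raised in the reply, as an added example that is not part of the original thread and not Cisco tooling: a small Python audit that flags `conduit permit` lines broader than one host and one service. The sample config lines and host addresses are constructed, and the parser assumes the form `conduit permit protocol global_ip global_mask [operator port] foreign_ip foreign_mask` with no foreign-side port qualifier.

```python
import ipaddress
# Constructed sample PIX config lines for illustration (not from the thread).
SAMPLE_CONFIG = """\
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
conduit permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
conduit permit tcp host 192.168.1.25 eq smtp host 192.168.2.10
conduit permit tcp host 192.168.1.30 eq 1433 192.168.2.0 255.255.255.0
conduit deny ip any any
"""

def _take_addr(tokens):
    """Consume one address spec ('any', 'host A' or 'A MASK') and return a network."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}", strict=False)

def _take_port(tokens):
    """Consume an optional port qualifier such as 'eq smtp' or 'range 1024 2048'."""
    if not tokens or tokens[0] not in ("eq", "lt", "gt", "neq", "range"):
        return []
    n = 3 if tokens[0] == "range" else 2
    taken, tokens[:] = tokens[:n], tokens[n:]
    return taken

def audit_conduits(config):
    """Return (line, reasons) for each permit conduit wider than one host and one service."""
    findings = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["conduit", "permit"]:
            continue  # static, deny and unrelated lines are out of scope here
        proto, rest = tokens[2], tokens[3:]
        dest = _take_addr(rest)   # global_ip: the protected (inside) side
        port = _take_port(rest)
        src = _take_addr(rest)    # foreign_ip: the less trusted (dmz) side
        reasons = []
        if proto == "ip":
            reasons.append("all IP protocols permitted")
        elif proto in ("tcp", "udp") and not port:
            reasons.append("no destination port restriction")
        for side, net in (("destination", dest), ("source", src)):
            if net.num_addresses > 1:
                reasons.append(f"{side} is a whole network ({net})")
        if reasons:
            findings.append((line, reasons))
    return findings
```

Running `audit_conduits(SAMPLE_CONFIG)` reports the network-to-network `permit ip` line with three reasons and passes the host-to-host SMTP rule without a finding.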