Cisco Support Community

New Member

PIX DMZ access to public translations?

I'm trying to set up a DMZ host to have access to a public interface translation for a host in another DMZ. Is this possible on PIX? For example:

public IP for dmz_b host 192.168.1.5

dmz_a host 10.1.1.5

dmz_b host 10.1.2.5

I'd like to configure dmz_a host to access dmz_b host's public IP of 192.168.1.5.

Thanks.

3 REPLIES
Bronze

Re: PIX DMZ access to public translations?

Hi

You need to use the alias command to achieve this; the syntax would be:

alias(interface) dnat_ip actual_ip

eg. : alias(dmz_a) 192.168.1.5 10.1.1.5

"dmz_a" is the interface where requests are coming from source to access the destination host i.e. "b".

The alias command would stop your PDM, in case you are using it.

regards

aashish C

Silver

Re: PIX DMZ access to public translations?

Hi there,

There are several solutions to this problem, depending on which version of PIX OS you are using and whether nat-control and/or same-security-traffic is used. Here are some possibilities:

Given that DMZ-A has a lower security level than DMZ-B:

static (DMZ-B,DMZ-A) 192.168.1.5 10.1.2.5 netmask 255.255.255.255

Or this one if DMZ-A is on a higher security level than DMZ-B:

alias (DMZ-A) 192.168.1.5 10.1.2.5 255.255.255.255

Also see these links:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

http://www.ciscotaccc.com/security/showcase?case=K81837729

Did it help? If so, please rate it.

New Member

Re: PIX DMZ access to public translations?

Thank you both for your responses, I'll get in the lab sometime today to test.
