Pix DMZ to inside or DMZ to DMZ interface

ggreynolds (Level 1)

I have a question possibly someone can help with. I am trying to allow access to a Novell BM server to act as an SMTP proxy as well as a web proxy server, and I can't get full connectivity to the DMZ even though I use a static/conduit combo such as this.

static (dmz,outside) X.X.X.X 192.168.100.10 netmask 255.255.255.255 0 0
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0
conduit permit udp host X.X.X.X 10.0.0.0 255.0.0.0
conduit permit tcp host X.X.X.X 10.0.0.0 255.0.0.0
conduit permit ip host X.X.X.X 10.0.0.0 255.0.0.0
conduit permit tcp host X.X.X.X eq smtp any
conduit permit tcp host X.X.X.X eq www any
conduit permit icmp host X.X.X.X any echo

DMZ is 192.168.X.X - inside is 10.X.X.X

5 Replies

rrbleeker (Level 1)

I would like to help out here, but the information you provided is not enough to determine exactly what you are trying to do. If you like, you can email me directly.

Thanks, but I have got it working via a workaround that is not very secure. It is an inherent problem with Novell products and SLP registration; essentially I am trying to make sure SLP and Time Sync pass through the PIX untranslated, however they use a form of broadcast which the PIX doesn't pass. My best solution is to put a Linux box on my DMZ and use Squid as the HTTP proxy and Postfix as a smart-host relay for SMTP traffic.

I have an access problem with the security from low to high. My Microsoft SQL Server is connected to Inside (high, 100) on network 192.168.1.0/24. My web server is connected to DMZ (low, 50) on network 172.18.0.0/16. This web server has to access the SQL server as a data source. I can't establish an ODBC connection even though I use the static/conduit pair of commands for opening port 1433 from low to high security. Why? Please advise. Thanks.
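As an added example (not posted by anyone in this thread), here is the minimal PIX 6.x static/conduit pair that lets one DMZ web server reach one inside SQL Server on TCP 1433 only, followed by the equivalent per-interface access-list form and the commands used to verify that the translation and the connection actually exist. The interface names, security levels and the two host addresses (web server 172.18.0.10, SQL Server 192.168.1.10) are assumptions chosen to match the networks in the question above; substitute your own. Note that in conduit syntax the global (inside) address and port come first and the foreign (DMZ) address second, which is the most common thing to get backwards.

```cisco
: Added example, not from the thread. Addresses and interface names are assumed.
: Security levels as described in the question: inside 100, dmz 50.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

: Identity static: the inside SQL host keeps its real address when seen from the DMZ.
: Without a static for the higher-security side, nothing on the DMZ can initiate to it.
static (inside,dmz) 192.168.1.10 192.168.1.10 netmask 255.255.255.255 0 0

: Narrow conduit: global_ip [eq port] first, foreign_ip second.
: Only the web server, only to 1433. Return traffic is handled by the stateful conn table.
conduit permit tcp host 192.168.1.10 eq 1433 host 172.18.0.10

: Caveat: a conduit is not bound to an interface; it applies to traffic arriving on every
: lower-security interface that has a translation for the global address. The preferred
: PIX 5.x/6.x form is an access-list applied inbound on the DMZ interface, which is
: interface-specific. Use one style or the other; an access-group on an interface takes
: precedence over conduits for that interface.
access-list dmz_in permit tcp host 172.18.0.10 host 192.168.1.10 eq 1433
access-group dmz_in in interface dmz

: Verification while the web server attempts the ODBC connection:
show xlate          : expect "Global 192.168.1.10 Local 192.168.1.10" on the inside/dmz pair
show conn           : expect a TCP 192.168.1.10:1433 <-> 172.18.0.10 entry with flags building/established
show logging        : look for %PIX-3-106011 / 106001 "Deny inbound" or 305005 "No translation group"
clear xlate         : after changing statics, old translations must be cleared before retesting
```

If `show xlate` shows no entry for the SQL host, the static is wrong or was added after an existing translation and needs `clear xlate`; if the xlate exists but `show conn` never shows the 1433 flow while the log reports a deny, the conduit or access-list is the problem, most often because the addresses are in the wrong order.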

rgrcommo (Level 1)

- Make sure you have a route to the DMZ network (I'm sure you do):

route dmz 192.168.x.0 mask 255.255.255.0 192.168.x.1

etc..

- Use logging to troubleshoot your issue;

Try to see what error or if you are even getting through to the firewall - meaning if the PIX is seeing your traffic from the DMZ.

Use: sh conn - to see connections being built.

Use:

debug icmp trace

debug packet inside

debug packet dmz

the "no" option to turn off the above.

You can use this site to help you with any error messages for the PIX:

http://te.cisco.com/srvs/cgi-bin/webcgi.exe?New,KB=PIX,dtree=stepbystep

Hope it helps.

Thanks for this piece of info.
