Cisco Support Community

New Member

Pix DMZ to inside or DMZ to DMZ interface

I have a question possibly someone can help with. I am trying to allow access to a Novell BM server to act as an SMTP proxy as well as a web proxy server, and I can't get full connectivity to the DMZ even though I use a static conduit combo such as this.

static (dmz,outside) X.X.X.X 192.168.100.10 netmask 255.255.255.255 0 0

static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0

conduit permit udp host X.X.X.X 10.0.0.0 255.0.0.0

conduit permit tcp host X.X.X.X 10.0.0.0 255.0.0.0

conduit permit ip host X.X.X.X 10.0.0.0 255.0.0.0

conduit permit tcp host X.X.X.X eq smtp any

conduit permit tcp host X.X.X.X eq www any

conduit permit icmp host X.X.X.X any echo

DMZ is 192.168.X.X - inside is 10.X.X.X
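How the conduit lines in the post above break down into destination and source, as an added example that is not part of the original post. The grammar in the comment is an assumption based on the usual PIX conduit form (global/destination address first, then foreign/source), and the function names are hypothetical.

```python
# Added example: parse PIX "conduit" lines into destination/source parts.
# Assumed grammar:
#   conduit permit|deny <proto> <global> [<op> <port>] <foreign> [<op> <port> | <icmp-type>]
# where an address is "any", "host A", or "A MASK".
SAMPLE = """\
conduit permit ip host X.X.X.X 10.0.0.0 255.0.0.0
conduit permit tcp host X.X.X.X eq smtp any
conduit permit tcp host X.X.X.X eq www any
conduit permit icmp host X.X.X.X any echo
"""  # lines copied from the post; X.X.X.X is the poster's own placeholder

PORT_OPS = {"eq", "lt", "gt", "neq"}

def take_addr(tok):
    """Pop one address spec from the token list; return (addr, mask)."""
    first = tok.pop(0)
    if first == "any":
        return ("0.0.0.0", "0.0.0.0")
    if first == "host":
        return (tok.pop(0), "255.255.255.255")
    return (first, tok.pop(0))

def take_port(tok):
    """Pop an optional '<op> <port>' or 'range <a> <b>' qualifier."""
    if tok and tok[0] in PORT_OPS:
        return " ".join([tok.pop(0), tok.pop(0)])
    if tok and tok[0] == "range":
        return " ".join([tok.pop(0), tok.pop(0), tok.pop(0)])
    return None

def parse_conduit(line):
    tok = line.split()
    if len(tok) < 5 or tok[0] != "conduit" or tok[1] not in ("permit", "deny"):
        raise ValueError("not a conduit line: " + line)
    action, proto, tok = tok[1], tok[2], tok[3:]
    dst = take_addr(tok)          # global side: the translated (static) address
    dst_port = take_port(tok)
    src = take_addr(tok)          # foreign side: who may connect
    extra = " ".join(tok) or None  # source port qualifier or ICMP type
    return {"action": action, "proto": proto, "dst": dst, "dst_port": dst_port,
            "src": src, "extra": extra,
            "any_source": src == ("0.0.0.0", "0.0.0.0"),
            "all_ports": proto == "ip" or (proto in ("tcp", "udp") and dst_port is None)}

def review(config):
    """Parse every conduit line in a config excerpt."""
    return [parse_conduit(l) for l in config.splitlines() if l.startswith("conduit")]

if __name__ == "__main__":
    for rule in review(SAMPLE):
        print(rule)
```

The `any_source` and `all_ports` flags mark the rules worth a second look when reviewing which hosts can reach the translated address.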

5 REPLIES
New Member

Re: Pix DMZ to inside or DMZ to DMZ interface

I would like to help out here, but the information you provided is not enough to determine exactly what you are trying to do. If you like, you can email me directly.

New Member

Re: Pix DMZ to inside or DMZ to DMZ interface

Thanks, but I have got it working, via a workaround that is not very secure. It is an inherent problem with Novell products and SLP registration; essentially I am trying to make sure SLP and Time Sync pass through the PIX untranslated, however they use a form of broadcast which the PIX doesn't pass. My best solution is to put a Linux box on my DMZ and use Squid as the HTTP proxy and use Postfix as a smart host relay for SMTP traffic.

New Member

Re: Pix DMZ to inside or DMZ to DMZ interface

I have an access problem with security from low to high. My Microsoft SQL Server is connected to Inside (high, 100) and is on network 192.168.1.0/24. My web server is connected to DMZ (low, 50) and is on network 172.18.0.0/16. This web server has to access the SQL server as a data source. I can't establish an ODBC connection even though I use a static/conduit pair of commands to open port 1433 from low to high security. Why? Please advise. Thanks.

New Member

Re: Pix DMZ to inside or DMZ to DMZ interface

- Make sure you have a route to the DMZ network - I'm sure you do:

route dmz 192.168.x.0 mask 255.255.255.0 192.168.x.1

etc..

- Use logging to troubleshoot your issue;

Try to see what error or if you are even getting through to the firewall - meaning if the PIX is seeing your traffic from the DMZ.

Use: sh conn - to see connections being built.

Use:

debug icmp trace

debug packet inside

debug packet dmz

Use the "no" option to turn off the above.

You can use this site to help you with any error messages for the PIX:

http://te.cisco.com/srvs/cgi-bin/webcgi.exe?New,KB=PIX,dtree=stepbystep

Hope it helps.

New Member

Re: Pix DMZ to inside or DMZ to DMZ interface

Thanks for this piece of info.
