Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

PIX to PIX alias

I have a main PIX 520 with a DMZ. In the DMZ we house our corporate WEB server. We also have 5 sites which have PIX506's to connect back to the PIX520 . We are using the alias command internally and all users can access the web server in the dmz except the remote PIX sites. The alias command we are using is : alias (inside) 12.19.224.xx 172.16.0.21 255.255.255.255. What is needed for the remote PIX sites to access the web server in the DMZ? thanks

  • Other Security Subjects
1 REPLY
New Member

Re: PIX to PIX alias

Thomas:

On your 520:

access-list permit tcp any 12.19.224.xx eq www

access-group in interface outside

static (dmz,outside) 172.16.0.21 12.19.224.xx netmask 255.255.255.255

This will configure a static NAT for the DMZ web server to the outside, and acl entries to permit port 80 access.

At the remote sites users should now be able to access your DMZ web server on 12.19.224.xx on whatever ports you've opened with the access-list.

That should do it!

Rich

98
Views
0
Helpful
1
Replies
This widget could not be displayed.