Cisco Support Community

New Member

PIX515E Help!!!! Inside to DMZ

Hi all, I hope someone can help me. I'm totally new to the PIX and I can't seem to get my inside network to see my web servers on my DMZ. I've attached my config file. Any advice would be a great help!

9 REPLIES
New Member

Re: PIX515E Help!!!! Inside to DMZ

You do not have a nat for your inside hosts accessing the DMZ.

nat (inside) 10 0.0.0.0 0.0.0.0 0 0

would need

global (dmz) 10 interface

You don't really need this:

static (dmz,inside) 172.16.5.4 172.16.1.4 netmask 255.255.255.255 0 0

static (dmz,inside) 172.16.5.5 172.16.1.5 netmask 255.255.255.255 0 0

static (dmz,inside) 172.16.5.6 172.16.1.6 netmask 255.255.255.255 0 0

static (dmz,inside) 172.16.5.7 172.16.1.7 netmask 255.255.255.255 0 0

static (dmz,inside) 172.16.5.8 172.16.1.8 netmask 255.255.255.255 0 0

HTH
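
An added example (not part of the reply above, and not Cisco's code): a small Python check for the gap this reply describes, a `nat (if) N` rule with no `global` of the same ID on a lower-security interface. The sample config is constructed, since the poster's attachment is not on the page; the check assumes PIX 6.x `nameif` syntax and ignores `static` and `nat 0` rules, which can also supply a translation.

```python
import re

# Constructed sample config (the attachment from the thread is not available).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
global (outside) 10 interface
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)", re.M)
NAT = re.compile(r"^nat\s+\((\S+?)\)\s+(\d+)\s", re.M)
GLOBAL = re.compile(r"^global\s+\((\S+?)\)\s+(\d+)\s", re.M)


def missing_globals(config):
    """Return sorted (src_if, dst_if, nat_id) tuples where a nat rule on
    src_if has no global with the same ID on a lower-security dst_if."""
    levels = {name: int(lvl) for name, lvl in NAMEIF.findall(config)}
    globals_ = {(ifc, int(i)) for ifc, i in GLOBAL.findall(config)}
    gaps = []
    for src, nat_id in NAT.findall(config):
        nat_id = int(nat_id)
        if nat_id == 0:
            continue  # nat 0 is an exemption; it needs no matching global
        for dst, lvl in levels.items():
            lower = lvl < levels.get(src, 0)
            if dst != src and lower and (dst, nat_id) not in globals_:
                gaps.append((src, dst, nat_id))
    return sorted(gaps)


if __name__ == "__main__":
    for src, dst, nat_id in missing_globals(SAMPLE_CONFIG):
        print(f"nat ({src}) {nat_id} has no matching global ({dst}) {nat_id}")
```

A reported gap is a prompt to review the config, not proof of a fault: the path may be deliberately closed, or covered by a `static` or `nat 0` rule.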

New Member

Re: PIX515E Help!!!! Inside to DMZ

Awesome! Thanks, I'll try it tonight!!!

New Member

Re: PIX515E Help!!!! Inside to DMZ

Hello Jason,

How are you trying to reach them? Are you using the internal IP address (172.16.5.x) or the domain name?

Try browsing them using the internal IP.

New Member

Re: PIX515E Help!!!! Inside to DMZ

I can see them with the 172.16.1 address but not with the outside address.

New Member

Re: PIX515E Help!!!! Inside to DMZ

Hi there. Did you solve this problem? I do have a similar problem connecting from Inside to DMZ.

New Member

Re: PIX515E Help!!!! Inside to DMZ

Actually you don't even need to NAT at all.

You can remove the static NAT and also the nat 10.

You can do a NAT exempt.

Just say

access-list nonat permit ip 172.16.5.0 255.255.255.0 172.16.1.0 255.255.255.0

nat (inside) 0 access-list nonat

I think that should take care of your problems.

I am assuming in this case that the session is being initiated from the inside interface to the DMZ.

New Member

Re: PIX515E Help!!!! Inside to DMZ

Thanks, I'll give it a try.

New Member

Re: PIX515E Help!!!! Inside to DMZ

Hello Jason,

If you wanted to reach them using the public IP, then you should use a static command for destination NAT.

static (dmz,inside) 24.249.123.36 172.16.1.5 netmask 255.255.255.255 0 0

Using this static command, you should be able to reach them browsing by IP.

New Member

Re: PIX515E Help!!!! Inside to DMZ

You are the man!!!!!!!!! Thank you so much, it worked great. If you're ever in VA I owe you a beer!!!!
