Pix515e

l.violo
Level 1

I have a customer with a PIX 515E which I recently configured using a combination of access lists and conduits. The customer has an unusual request. From the inside interface I can access the DMZ OK, and from the outside I can access the DMZ as well. The customer wants the ability to access the inside from the DMZ. I believe that this cannot be done, as I have tried conduits and access-lists with no success. In addition, I do not think this is a good idea given the risks involved with access from a DMZ to an inside interface. Your thoughts?

1 Reply

anavarro
Level 1

I don't see why you would use access-lists and conduits simultaneously, but either way, since the DMZ has lower security than the inside, you would apply an access-list on the DMZ interface specifying the services needed to enter the inside, just like you would for outside to DMZ. You would also need static mappings to the inside hosts that need to be accessed. But I would not allow the entire inside to be accessed by the DMZ.
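The approach described in the reply above, as an added PIX 6.x configuration sketch that is not part of the original thread. The interface name `dmz`, the ACL name `dmz_in`, all addresses and the TCP port are constructed assumptions; substitute the customer's real values.

```text
: Constructed addressing: inside = 10.1.1.0/24, dmz = 172.16.1.0/24
: One DMZ server (172.16.1.10) needs one service (TCP 1433) on one
: inside host (10.1.1.20).

: Identity static so the DMZ can reach the inside host at its real address.
: Map only the host that must be reachable, not the whole inside subnet.
static (inside,dmz) 10.1.1.20 10.1.1.20 netmask 255.255.255.255

: Permit exactly one source, one destination, one port.
access-list dmz_in permit tcp host 172.16.1.10 host 10.1.1.20 eq 1433

: Explicitly block everything else from the DMZ to the inside.
access-list dmz_in deny ip any 10.1.1.0 255.255.255.0

: An applied ACL ends in an implicit deny, so DMZ traffic to the outside
: that worked before by security level must now be permitted explicitly.
access-list dmz_in permit ip 172.16.1.0 255.255.255.0 any

: Bind the ACL to traffic entering the PIX on the dmz interface.
access-group dmz_in in interface dmz

: Too broad, shown only for contrast (what the reply advises against):
: static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
: access-list dmz_in permit ip 172.16.1.0 255.255.255.0 10.1.1.0 255.255.255.0
```

After applying, `show access-list dmz_in` displays per-entry hit counts, which confirms that only the intended flow matches the permit line.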