Cisco Support Community
Community Member

setup dmz on pix515e

Hello,

I just set up a web server. I set up the DMZ, I thought, but it's not working. The server can access the internet just fine. An internet port scan shows port 80 is open to the global IP but I cannot access the web server from the internet.

Here are the configs that should matter, let me know if I'm missing one. Are these configs correct? Am I missing something?

access-list outside_in permit tcp any host 68.217.84.114 eq www

ip address dmz 172.18.0.254 255.255.255.0

pdm location 172.18.0.10 255.255.255.255 dmz

static (dmz,outside) 68.217.84.114 172.18.0.10 netmask 255.255.255.255 0 0

In addition, how do I access the internal network from this server when it is on the DMZ interface?

Thanks,

Kurt

3 REPLIES

Re: setup dmz on pix515e

Kurt,

First thing, I don't see an access-group line to apply your access-list to the outside interface.

access-group outside_in in interface outside

Second, do you want to allow your DMZ server routed access to your inside networks, or do you want it to be NATed for just specific services?

To get it routed in, you would add a static dmz to inside containing its IP address for both the dmz and inside address parts.

static (dmz,inside) 172.18.0.10 172.18.0.10

Patrick

Community Member

Re: setup dmz on pix515e

Hello, thanks for your reply. I did have that line, I just forgot to copy it here.

access-group outside_in in interface outside

I called Cisco support and I didn't know it, but it was accessible from outside our network. He added these two commands and now it's accessible from the inside also.

static (dmz,inside) 68.217.84.114 172.18.0.10 netmask 255.255.255.255

global (dmz) 10 interface

I have another question. How can I make this Windows server part of our domain and have file sharing etc.? Do I have to use another network adapter? What is the best way to do that? I want to be able to access it from our 192.168 network.

Thanks,

Kurt

Re: setup dmz on pix515e

Kurt,

So you're going to connect to it using the same public IP address as outside instead of connecting to it via its private address.

static (dmz,inside) 68.217.84.114 172.18.0.10 netmask 255.255.255.255

vs

static (dmz,inside) 172.18.0.10 172.18.0.10 netmask 255.255.255.255

To allow file sharing you just need to allow the different Windows ports required for file sharing out of the dmz to the LAN nets and vice versa.

Patrick

Please rate any posts that were helpful
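An added example, not part of any post in this thread: a small Python check for the two conditions discussed above, namely that every access-list is applied with an access-group line and that each host published with a static on the outside interface has a matching applied permit. The names `audit`, `_dest_host` and `untrusted_if` are hypothetical, the sample input is constructed from the lines in the first post, and only the PIX command forms shown in this thread are parsed.

```python
import re

# Constructed sample: the lines from the first post, which has no access-group line.
SAMPLE = """\
access-list outside_in permit tcp any host 68.217.84.114 eq www
ip address dmz 172.18.0.254 255.255.255.0
static (dmz,outside) 68.217.84.114 172.18.0.10 netmask 255.255.255.255 0 0
"""

GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
STATIC_RE = re.compile(r"^static\s+\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)")


def _dest_host(tokens):
    """Destination of 'permit <proto> <src> <dst> ...' when it is 'host X'."""
    i = 1 if tokens[0] == "any" else 2  # source is 'any', 'host A' or 'A mask'
    return tokens[i + 1] if tokens[i:i + 1] == ["host"] and len(tokens) > i + 1 else None


def audit(config, untrusted_if="outside"):
    """Return findings for ACLs never applied and published hosts with no permit.

    Assumption: untrusted_if is the lowest-security interface, so inbound
    traffic to a static mapped on it needs an applied ACL entry.
    """
    permits, bound, statics = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        words = line.split()
        if words[:1] == ["access-list"] and len(words) > 4 and words[2] == "permit":
            permits.setdefault(words[1], set()).add(_dest_host(words[4:]))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)      # interface -> ACL name
        elif m := STATIC_RE.match(line):
            statics.append(m.groups())          # (real_if, mapped_if, mapped_ip, real_ip)

    findings = [f"access-list {name} is never applied with access-group"
                for name in permits if name not in bound.values()]
    for real_if, mapped_if, mapped_ip, real_ip in statics:
        if mapped_if != untrusted_if:
            continue  # e.g. static (dmz,inside): not an inbound publication
        acl = bound.get(mapped_if)
        if mapped_ip not in permits.get(acl, set()):
            findings.append(f"static {real_ip} -> {mapped_ip} on {mapped_if} "
                            f"has no applied permit")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
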
