Cisco Support Community

rai
New Member

Verify DMZ Config

My ISP points their DNS server to 216.202.205.253, which will point back to our webserver (192.168.0.2). Here are the parameters of my PIX 515:

outside: 216.202.205.250

inside: 128.1.1.10

DMZ: 192.168.0.1

Here is my proposed DMZ config:

global (DMZ) 1 192.168.10-192.168.0.254

static (DMZ, outside) 216.202.205.253 192.168.0.2 netmask 255.255.255.255 1010

conduit permit tcp host 216.202.205.253 eq www any

nat (inside) 1 0.0.0.0 0.0.0.0 0

nat (DMZ) 1 192.168.0.0 255.255.255.0

Could anyone verify if this is a good config? Please advise. Thanks.

2 REPLIES
New Member

Re: Verify DMZ Config

Why do you need the "nat (DMZ) 1 192.168.0.0 255.255.255.0 " command??

And also the "global (DMZ) 1 192.168.10-192.168.0.254"? Firstly, this is not a registered address, and secondly, you don't need DMZ to make an outbound connection, do you?

Also, why do you want to NAT the inside address when it's already a legal IP address, or is it not registered? In that case you will need the corresponding global address, i.e. global (outside) 1 .......

New Member

Re: Verify DMZ Config

It looks good to me, but the prob I have with it is the conduit statement; you would be better served using access-list rather than conduit.
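
The conduit-to-access-list change suggested in the last reply, as an added example that is not part of the thread: a small Python converter that rewrites each `conduit` line as the equivalent `access-list` entry and binds it inbound on an interface. The ACL name `acl_outside_in` and the choice of the `outside` interface are assumptions; the two sample lines are copied from the posted config.

```python
ACL_NAME = "acl_outside_in"      # hypothetical ACL name (assumption)
PORT_OPS = {"eq", "lt", "gt", "neq", "range"}

def take_addr(tok):
    """Pop one address spec: 'any', 'host A', or 'A MASK'."""
    if tok[0] == "any":
        return [tok.pop(0)]
    return [tok.pop(0), tok.pop(0)]

def take_port(tok):
    """Pop an optional port spec such as 'eq www' or 'range 20 21'."""
    if tok and tok[0] in PORT_OPS:
        n = 3 if tok[0] == "range" else 2
        spec, tok[:] = tok[:n], tok[n:]
        return spec
    return []

def conduit_to_acl(line, acl=ACL_NAME):
    """conduit <action> <proto> <global> [port] <foreign> [port]
    -> access-list <acl> <action> <proto> <foreign> [port] <global> [port]"""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "conduit" or tok[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: " + line)
    action, proto, tok = tok[1], tok[2], tok[3:]
    try:
        dst, dport = take_addr(tok), take_port(tok)   # global = protected host
        src, sport = take_addr(tok), take_port(tok)   # foreign = remote side
    except IndexError:
        raise ValueError("truncated conduit statement: " + line)
    if tok:
        raise ValueError("unparsed tokens: " + " ".join(tok))
    return " ".join(["access-list", acl, action, proto] + src + sport + dst + dport)

def convert(config, acl=ACL_NAME, iface="outside"):
    """Rewrite every conduit line; other lines pass through unchanged."""
    out, found = [], False
    for line in config.splitlines():
        if line.split()[:1] == ["conduit"]:
            out.append(conduit_to_acl(line, acl))
            found = True
        elif line.strip():
            out.append(line.strip())
    if found:  # an ACL only takes effect once bound to an interface
        out.append(f"access-group {acl} in interface {iface}")
    return out

# The two lines below are taken verbatim from the posted config.
SAMPLE = """static (DMZ, outside) 216.202.205.253 192.168.0.2 netmask 255.255.255.255 1010
conduit permit tcp host 216.202.205.253 eq www any"""

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE)))
```

Unlike a conduit, the resulting ACL is applied only to traffic entering the interface named in the `access-group` line.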
