Cisco Support Community

New Member

Windows 2000 - inside to DMZ.

I have a few copy scripts that run on a Windows 2000 server on the inside network. These scripts copy files from a server on the DMZ to the inside server and vice versa. Do I need to use an ACL, or can I just use a nat/global command, as all traffic is being initiated from the inside? If I have to use an ACL, which ports should I open? I have Windows 2003 Active Directory.

Cisco Employee

Re: Windows 2000 - inside to DMZ.

If the traffic is always initiated from the inside server, then all you need is a nat/global command.

You did mention, however, that files are copied in both directions, so if the DMZ server is initiating a file copy it would need to be as part of the same TCP/UDP connection; not sure how Windows would handle that, though.

The easiest way to test it is to see if it works first; if it does, then great. If not, then enable syslogging on the PIX and look for deny messages from the DMZ server to the inside server; this will show you what type of ACL you need to apply to the dmz interface.
