Cisco Support Community

New Member

Access to DMZ from Inside.

Hello ,

I have a request to allow a couple of hosts from the Internal Network to a DMZ Zone host through port 25 for SMTP email. I can create a static, but that will open all ports. I created an access list from the Inside host to the DMZ host eq 25 and created a Static also. After applying this access list rule, it blocked the whole traffic through the Inside Network.

I did this configuration through the PIX PDM GUI. What went wrong? I deleted the access list which I created and the PIX started working normally. The PIX IOS version is 6.3(3).

Regards,

Raju

  • VPN
2 REPLIES
New Member

Re: Access to DMZ from Inside.

After creating the STATIC..

You need to allow the traffic to the DMZ, then deny all other traffic to the DMZ, then allow all other traffic to the internet, in an access-list on the inside interface, i.e.:

DMZ == 172.16.1.0 /24

Internal == 192.168.1.0 /24

access-list inside permit tcp host 192.168.1.10 host 172.16.1.5 eq 25

access-list inside permit tcp host 192.168.1.5 host 172.16.1.5 eq 25

access-list inside deny ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0

access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 80

access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 443

access-group inside in interface inside
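As an added illustration (not part of this thread and not Cisco code), the following Python script models how a PIX access-list is evaluated: first matching entry wins, and any packet that matches no entry is dropped by the implicit deny at the end of the list. It assumes the original poster's ACL was a single permit line for SMTP (the post does not show it), and uses the addresses from the reply above. The "internet" address 203.0.113.10 is a constructed sample. Running it shows why a one-line ACL on the inside interface cut off all other inside traffic, and why the reply's ordering (specific permits, then a deny for the rest of the DMZ, then the internet permits) restores it.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp" or "ip" (ip matches any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]             # None means any destination port

def _parse_addr(tokens: List[str]):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'NETWORK MASK'."""
    if tokens[0] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    # PIX writes the mask in dotted form; ipaddress accepts "net/mask"
    return ipaddress.IPv4Network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_rule(line: str) -> Rule:
    """Parse the subset of PIX 6.3 access-list syntax used in this thread."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line}")
    action, proto = tokens[2], tokens[3]
    src, rest = _parse_addr(tokens[4:])
    dst, rest = _parse_addr(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return Rule(action, proto, src, dst, dport)

def evaluate(acl: List[Rule], proto: str, src_ip: str, dst_ip: str,
             dport: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of matching entry); index None means implicit deny."""
    src, dst = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for i, rule in enumerate(acl):
        if rule.proto != "ip" and rule.proto != proto:
            continue
        if src not in rule.src or dst not in rule.dst:
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, i              # first match wins
    return "deny", None                    # implicit deny at end of every ACL

# Assumed reconstruction of the original poster's single-entry ACL.
OP_ACL = [parse_rule(
    "access-list inside permit tcp host 192.168.1.10 host 172.16.1.5 eq 25")]

# The ACL from the reply above, in the order given.
REPLY_ACL = [parse_rule(l) for l in [
    "access-list inside permit tcp host 192.168.1.10 host 172.16.1.5 eq 25",
    "access-list inside permit tcp host 192.168.1.5 host 172.16.1.5 eq 25",
    "access-list inside deny ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0",
    "access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 80",
    "access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 443",
]]

if __name__ == "__main__":
    # Constructed sample flows: SMTP to the DMZ host, HTTP to a public address,
    # and an unlisted inside host trying SMTP to the DMZ.
    flows = [("tcp", "192.168.1.10", "172.16.1.5", 25),
             ("tcp", "192.168.1.10", "203.0.113.10", 80),
             ("tcp", "192.168.1.99", "172.16.1.5", 25),
             ("tcp", "192.168.1.10", "172.16.1.5", 80)]
    for name, acl in (("OP_ACL", OP_ACL), ("REPLY_ACL", REPLY_ACL)):
        for f in flows:
            print(name, f, "->", evaluate(acl, *f))
```

The second flow is the one that bit the original poster: with only the SMTP permit applied to the inside interface, web traffic to the internet matches nothing and falls through to the implicit deny. In the reply's list the same flow reaches entry 3 (the port-80 permit), while inside hosts other than the two listed are stopped at entry 2 before they can reach the DMZ on any port.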

New Member

Re: Access to DMZ from Inside.

This is exactly what I am trying to do now. Can you please post the static statement and if possible your final working config.

Thanks.
