PIX - Help routing from one DMZ to another

whiteford · ‎03-14-2006

I have 2 DMZ's one has web servers on (DMZ1) it and the other is where all our regional networks come into (DMZ2). If I just base it on one regional network, I am just wondering what I need to first look at, I take it the PIX will do allthe routing?

rais.ahmad · ‎03-14-2006

If you are talking about routing between two different security zones (dmz1 and dmz2), pix will handle that.

whiteford · ‎03-15-2006

Yeah, I can't get users on the DMZ2 to conenct to the DMZ1 servers. However the LAN users (were the PIX is based) can.

rais.ahmad · ‎03-15-2006

I hope you have rules setup correctly to let this traffic flow.

Thanks.

griffijo · ‎03-19-2006

Remember that the PIX allows by default any sessions or data flows to pass from a higher security interface to a lower security interface without restrictions, but if you want to be able to communicate from a lower security interface to a higher security interface that needs to be configured. Also, the PIX is only aware of directly connected networks, if you have other networks behind what is directly connected to an interface you need route statements. Example:

route inside_edu 10.0.0.0 255.0.0.0 10.124.0.1

chitre_salil · ‎03-19-2006

Hi,

When you are accessing network at higher security interface of a PIX from lower security interface you need access-lists setup to allow the access.

If DMZ1 is at a higher security level than DMZ2 thn you need a access-list applied to DMZ2 interface allowing traffic out to dmz1.

Hope this helps