Established through PIX - CLEAR GUIDELINES

mrrussell — Fri, 21 Feb 2020 07:53:20 GMT

I'm looking for clear guidelines, as the Cisco command ref, config guides etc do not cover all the combination of options for established from low to high and high to low security interface, NAT (inside/outside), Indentity NAT, Outside keep same IP addresses, use of Statics, DNS doctoring etc

Are there some guidelines on the Internet or that someone has written and can share?

For example is this use of static correct to enable establishing a session from 192.168.0.11 on a low security dmz to a higher dmz address 10.20.2.2 without NAT translation.

ip address dmzlow 192.168.0.254 255.255.255.0

ip address dmzhigh 192.168.6.1 255.255.255.252

route 10.20.2.0 255.255.255.240 192.168.6.2 1

access-list acl_dmzlow permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0

access-group dmzlow in interface dmzlow

static (dmzlow,dmzhigh) 10.20.2.0 10.20.2.0 netmask 255.255.255.240 0 0

Thanks

Mick

Re: Established through PIX - CLEAR GUIDELINES

turnbull — Mon, 24 Jan 2005 21:21:49 GMT

Hi Mick,

It's almost there with just a couple of inaccuracies in the static and access list.

should be:

static (dmzhigh,dmzlow) 10.20.2.0 10.20.2.0 netmask 255.255.255.240 0 0

access-list acl_dmzlow permit ip 192.168.0.0 255.255.255.0 10.20.2.0 255.255.255.240

A definitive guide is available here:

http://cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

This makes better sense with the basics of NAT and access through the PIX:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/mngacl.htm

Think of high security as ‘inside’ and lower as ‘outside’ even if dealing with DMZ’s

Cisco print a good book dealing with PIX but I’m not aware of any downloadable from the Internet.

Cheers,

Paul.

topic Re: Established through PIX - CLEAR GUIDELINES in Network Security

Established through PIX - CLEAR GUIDELINES

Re: Established through PIX - CLEAR GUIDELINES