https://community.cisco.com/t5/network-security/problems-to-access-dns-services-from-a-dmz-using-pix-515-ur/m-p/404190#M557669 <HTML><HEAD></HEAD><BODY><P>Yes, actually the problem was that in the front end servers I am using two ethernet cards,one goes to another firewall and the other goes to this DMZ so I had to use specific routes in these hosts to reach outside DNS services instead of using a default gateway.</P><P>Thanks.</P></BODY></HTML> Tue, 07 Jun 2005 00:16:14 GMT sguerrero 2005-06-07T00:16:14Z https://community.cisco.com/t5/network-security/problems-to-access-dns-services-from-a-dmz-using-pix-515-ur/m-p/404188#M557647 <P>I have a configuration using a private VPN.</P><P>I have a 515 Firewall in which outside is connected to VPN in order to offer connection to the rest of the world. Inside connects a back-end exchange server and DMZ connects a frontEnd exchange server.</P><P>I am using a DNS server in the outside for the exchange server in the inside and it works OK, but I want to use the same DNS to serve the frontEnd exchange server and it is not working.</P><P>Here I have the addresses and static, and some of the access-list involved (not all of them). Just want to know if the problem is with the static mapping (if I am missing something, please let me know).DNS has 192.168.212.6 IP address</P><P></P><P>ip address outside 192.168.212.29 255.255.255.224</P><P>ip address inside 192.168.100.29 255.255.255.224</P><P>ip address DMZ 192.168.209.94 255.255.255.224</P><P></P><P>static (inside,outside) 192.168.212.8 192.168.100.8 netmask 255.255.255.255 0 0 </P><P>static (inside,DMZ) 192.168.209.68 192.168.100.8 netmask 255.255.255.255 0 0 </P><P>static (DMZ,inside) 192.168.100.15 192.168.209.65 netmask 255.255.255.255 0 0 </P><P>static (DMZ,outside) 192.168.212.15 192.168.209.65 netmask 255.255.255.255 0 0 </P><P>access-group acl-out in interface outside</P><P>access-group acl-in in interface inside</P><P>access-group acl-dmz in interface DMZ</P><P></P><P>These access-lists are resumed, only to validate the source and destination of communicaction. </P><P>access-list acl-in permit tcp host 192.168.100.8 192.168.212.6</P><P>access-list acl-in permit udp host 192.168.100.8 192.168.212.6</P><P>access-list acl-dmz permit tcp host 192.168.209.65 host 192.168.212.6</P><P>access-list acl-dmz permit udp host 192.168.209.65 host 192.168.212.6</P><P>access-list acl-out permit tcp host 192.168.212.6 192.168.212.15</P><P>access-list acl-out permit udp host 192.168.212.6 192.168.212.15</P><P>access-list acl-out permit tcp host 192.168.212.6 192.168.212.8</P><P>access-list acl-out permit udp host 192.168.212.6 192.168.212.8</P><P></P><P></P><P></P><P></P> Fri, 21 Feb 2020 08:10:45 GMT https://community.cisco.com/t5/network-security/problems-to-access-dns-services-from-a-dmz-using-pix-515-ur/m-p/404188#M557647 sguerrero 2020-02-21T08:10:45Z https://community.cisco.com/t5/network-security/problems-to-access-dns-services-from-a-dmz-using-pix-515-ur/m-p/404189#M557658 <HTML><HEAD></HEAD><BODY><P>As far as I see, your statting mapping looks good, issue is not with the static mapping.</P></BODY></HTML> Mon, 06 Jun 2005 14:44:55 GMT https://community.cisco.com/t5/network-security/problems-to-access-dns-services-from-a-dmz-using-pix-515-ur/m-p/404189#M557658 umedryk 2005-06-06T14:44:55Z https://community.cisco.com/t5/network-security/problems-to-access-dns-services-from-a-dmz-using-pix-515-ur/m-p/404190#M557669 <HTML><HEAD></HEAD><BODY><P>Yes, actually the problem was that in the front end servers I am using two ethernet cards,one goes to another firewall and the other goes to this DMZ so I had to use specific routes in these hosts to reach outside DNS services instead of using a default gateway.</P><P>Thanks.</P></BODY></HTML> Tue, 07 Jun 2005 00:16:14 GMT https://community.cisco.com/t5/network-security/problems-to-access-dns-services-from-a-dmz-using-pix-515-ur/m-p/404190#M557669 sguerrero 2005-06-07T00:16:14Z