Pix with PDM

jrhofman — Fri, 21 Feb 2020 07:35:49 GMT

I'm trying to understand how to configure the pix through the PDM and access-rules in the following way but seem to be running into confusion.

I have 3 interfaces on my pix Inside (100), outside (0) and a DMZ (6). I want to have a single host on the inside be able to talk to only a single host on the outside via FTP. Everything on the inside should be able to talk to everything on the DMZ.

I configure a rule that says allow host 10.100.17.68 (on the inside int) to go to a host on the outside 10.200.1.100. This seems pretty strait forward.

However, when I then apply my next rule that allows everything on the Inside to talk to everything on the DMZ the outside interface gets added to that rule (breaking my first rule above). I am using the destination ip address field for the DMZ with a 0.0.0.0 0.0.0.0 (or anything on the DMZ).

Can I select the name field instead and just select the DMZ interface. This seems like it would only pertain to the specific address of the DMZ interface rather than all hosts on the DMZ but it does not add the outside interface to the rule.

what am I not understanding here?

Re: Pix with PDM

jsivulka — Thu, 02 Sep 2004 00:14:20 GMT

You could be running into bug CSCdx28710. It seems that defect is only cosmetic. The interfaces get swapped only in the display. However, the correct rules get applied to the PIX.

Re: Pix with PDM

jrhofman — Thu, 02 Sep 2004 10:10:45 GMT

Thanks for the reply. I will recofigure the pix and test. I didn't even bother testing last time. I just reconfigured it to work another way.

topic Re: Pix with PDM in Network Security

Pix with PDM

Re: Pix with PDM

Re: Pix with PDM