https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066450#M878644 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Glad to be of help. Could you update the forum that the solution resolved the issue, so others who run into similar issue can benefit out of the post. Thanks!</P><P></P><P>If the prod network is on the inside interface:</P><P></P><P>static (inside,dmz) 192.168.2.8 192.168.2.8</P><P></P><P>By default, there are not ACLs applied on the inside interface. In case if you have configured one, make sure that you permit the necessary ports/protocols for this server.</P><P></P><P>Regards,</P><P>Arul</P><P></P><P>*Pls rate all helpful posts*</P></BODY></HTML> Tue, 23 Dec 2008 19:58:57 GMT ajagadee 2008-12-23T19:58:57Z https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066447#M878640 <P>Hello - I am trying to set up (for the first time) a simple DMZ on my PIX 515. Here is the DMZ layout. I have a PIX 515 connected to a 2950 switch that has one server (for now) that I need to have the world access a webpage on. I though I had it set up right, but I can't see it from the outside world, or from my private network behind the PIX. I can see the server from within the PIX. I am attaching my config, and any help would be great. I know I am probably missing a few things. Thanks!</P><P></P><P></P><P> </P><P></P> Mon, 11 Mar 2019 14:27:42 GMT https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066447#M878640 adcorbett_2 2019-03-11T14:27:42Z https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066448#M878642 <HTML><HEAD></HEAD><BODY><P>Andy,</P><P></P><P>I am assuming that the web server that you are talking about is with the ip address 172.16.99.10. If so, the static looks good.</P><P></P><P>static (DMZ,outside) 72.93.X.6 172.16.99.10 netmask 255.255.255.255 </P><P></P><P>But, I dont see any access-list applied on the outside interface. You need to define an access-list to permit web traffic to this server. </P><P></P><P>Example:</P><P></P><P>access-list 100 permit tcp any host 72.93.X.6 eq 80</P><P></P><P>access-group 100 in interface outside</P><P></P><P>Regards,</P><P>Arul</P><P></P><P>*Pls rate all helpful posts*</P><P></P></BODY></HTML> Thu, 18 Dec 2008 20:58:18 GMT https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066448#M878642 ajagadee 2008-12-18T20:58:18Z https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066449#M878643 <HTML><HEAD></HEAD><BODY><P>ok great!! Its working perfectly from outside now. Thank you.</P><P></P><P>Next - I need to have one server on my production network (192.168.2.8) talk to the server on the DMZ (172.16.99.10). How can I do that?</P></BODY></HTML> Tue, 23 Dec 2008 19:38:24 GMT https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066449#M878643 adcorbett_2 2008-12-23T19:38:24Z https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066450#M878644 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Glad to be of help. Could you update the forum that the solution resolved the issue, so others who run into similar issue can benefit out of the post. Thanks!</P><P></P><P>If the prod network is on the inside interface:</P><P></P><P>static (inside,dmz) 192.168.2.8 192.168.2.8</P><P></P><P>By default, there are not ACLs applied on the inside interface. In case if you have configured one, make sure that you permit the necessary ports/protocols for this server.</P><P></P><P>Regards,</P><P>Arul</P><P></P><P>*Pls rate all helpful posts*</P></BODY></HTML> Tue, 23 Dec 2008 19:58:57 GMT https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066450#M878644 ajagadee 2008-12-23T19:58:57Z https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066451#M878645 <HTML><HEAD></HEAD><BODY><P>Thanks for your help!</P></BODY></HTML> Tue, 23 Dec 2008 20:00:27 GMT https://community.cisco.com/t5/network-security/attempt-at-easy-dmz/m-p/1066451#M878645 adcorbett_2 2008-12-23T20:00:27Z