https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846263#M959313 <HTML><HEAD></HEAD><BODY><P>Hi Waseem </P><P> Please tell me in which DMZ your webserver is located, its IP and from which interface you want to reach webserver from which IP</P><P></P><P>Regards</P></BODY></HTML> Tue, 11 Dec 2007 09:49:53 GMT Alan Huseyin Kayahan 2007-12-11T09:49:53Z https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846261#M959309 <P>I have a pair of cisco PIX 525 with Pix version 6.3 (4), I am trying to configure the web server access from one dmz interface to other. I tried couple of scenario but could not workout.</P><P></P><P>The configuration I did is as follow</P><P>1. Create the static nat </P><P>static (PACS_DATA,EPCT) 192.168.217.13 10.150.61.68 netmask 255.255.255.255 0 0</P><P></P><P>2. Created the access list and nat to exempt from the nat</P><P>access-list EPCT_nat permit ip any 10.150.61.0 255.255.255.0 </P><P>nat (EPCT) 0 access-list EPCT_nat</P><P></P><P>3. Created the access list to permit all the traffic to access web server</P><P>access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www</P><P></P><P>My firewall configurations are as follow</P><P></P><P>nameif ethernet2 EPCT security9</P><P>nameif vlan486 PACS_DATA security16</P><P></P><P>global (EPCT) 1 interface</P><P>nat (EPCT) 1 192.168.216.0 255.255.254.0 outside 0 0</P><P></P><P>nat (PACS_DATA) 0 access-list PACS_DATA_NAT</P><P></P><P>any help will be highly appriciated </P> Mon, 11 Mar 2019 11:39:35 GMT https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846261#M959309 meesaw 2019-03-11T11:39:35Z https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846262#M959311 <HTML><HEAD></HEAD><BODY><P>Sorry i foget to tell i am getting this error messge in logs </P><P>PIX-3-305006: regular translation creation failed for icmp src xxxx dst xxxx(type 8, code 0)</P><P></P><P></P></BODY></HTML> Thu, 06 Dec 2007 18:31:35 GMT https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846262#M959311 meesaw 2007-12-06T18:31:35Z https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846263#M959313 <HTML><HEAD></HEAD><BODY><P>Hi Waseem </P><P> Please tell me in which DMZ your webserver is located, its IP and from which interface you want to reach webserver from which IP</P><P></P><P>Regards</P></BODY></HTML> Tue, 11 Dec 2007 09:49:53 GMT https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846263#M959313 Alan Huseyin Kayahan 2007-12-11T09:49:53Z https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846264#M959315 <HTML><HEAD></HEAD><BODY><P>my webserver is in PACS Vlan DMZ and my clints are in EPCT DMZ. Webserver IP is 10.150.61.41 and my EPCT subnet is 192.168.216.0 /23. i want to configure the access of all EPCT to this webserver.</P></BODY></HTML> Tue, 11 Dec 2007 18:21:42 GMT https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846264#M959315 meesaw 2007-12-11T18:21:42Z https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846265#M959317 <HTML><HEAD></HEAD><BODY><P>static (EPCT,PACS_DATA) 192.168.216.0 192.168.216.0 255.255.254.0</P><P></P><P>access-list EPCT_in permit tcp 192.168.216.0 255.255.254.0 host 192.168.217.13 eq www </P><P>access-group EPCT_in in interface EPCT</P></BODY></HTML> Tue, 11 Dec 2007 18:35:41 GMT https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846265#M959317 acomiskey 2007-12-11T18:35:41Z https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846266#M959319 <HTML><HEAD></HEAD><BODY><P>Adam shouldnt it be as following since clients has to reach Web server?</P><P></P><P>static (EPCT,PACS_DATA) 10.150.61 41 10.150.61.41 netmask 255.255.255.255</P><P>access-list epct_access_in permit tcp 192.168.216.0 255.255.255.0 host 10.150.61.41 eq www</P><P>access-group epct_access_in in interface EPCT</P><P></P><P>(If you already have an ACL grouped to interface, add the ACL in it, dont use the ACL name above)</P><P></P><P>Regards</P></BODY></HTML> Tue, 11 Dec 2007 20:13:35 GMT https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846266#M959319 Alan Huseyin Kayahan 2007-12-11T20:13:35Z https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846267#M959322 <HTML><HEAD></HEAD><BODY><P>any update here?</P></BODY></HTML> Wed, 12 Dec 2007 22:05:47 GMT https://community.cisco.com/t5/network-security/web-server-access-from-one-dmz-to-other/m-p/846267#M959322 Alan Huseyin Kayahan 2007-12-12T22:05:47Z