Allow Inside Hosts Access to a DMZ without Translation

gappavoo1 · ‎06-27-2007

Hi,

Could you pls mail what exactly the below command will do ?

1) static (inside,dmz) 10.1.6.100 10.1.6.100

2) static (dmz,inside) 10.1.6.100 10.1.6.100

Pls mail me documentaion reference with multiple DMZ(1-4) configuration in PIX with translation and without address translation.

-Ganesh

srue · ‎06-28-2007

you don't need 2), assuming 10.1.6.100 is the host on the inside interface that needs access to the dmz.

You could also use nat zero to accomplish this:

nat (inside) 0 natzero_acl

access-list natzero_acl permit ip host 10.1.6.100 host dmz_host_ip

gappavoo1 · ‎06-28-2007

Hi,

Thanks for your reply !

Pls clarify me, assuming a host 10.2.7.200 in DMZ interface that needs to access inside the below commands is correct ?

static (dmz,inside) 10.2.7.200 10.2.7.200

-Ganesh

acomiskey · ‎06-28-2007

No you would not need that.

For 10.2.7.200 and 10.1.6.100 to communicate between the inside and dmz, all you need is...

static (dmz,inside) 10.1.6.100 10.1.6.100