
NAT problem of DMZ side

Anand Solgama
Level 1

Hi,

I created a simple PIX with inside, outside and DMZ. My inside to outside connection is working just fine, and outside to inside also works fine, but outside to DMZ is not working.

global (outside) 1 110.110.110.200-110.110.110.253

global (outside) 2 110.110.110.254

nat (inside) 0 access-list NONAT

nat (inside) 1 10.0.0.0 255.0.0.0 0 0

nat (DMZ) 2 172.16.0.0 255.255.0.0 0 0

access-group OUT_IN_DMZ in interface outside

access-group DMZ_IN in interface DMZ

access-list OUT_IN_DMZ permit tcp host 110.110.110.2 110.0.0.0 255.0.0.0 eq telnet

access-list DMZ_IN permit tcp any any eq telnet

access-list DMZ_IN permit ip any any

access-list NONAT permit ip 10.0.0.0 255.0.0.0 172.16.0.0 255.255.0.0

I did the above config in the PIX to only allow telnet traffic inside my network and DMZ from outside. Now outside to inside telnet is possible with the first host, suppose 110.110.110.200. Unfortunately DMZ to outside works, but outside to DMZ 110.110.110.254 is not telnetting?!

Please help me: why does outside to DMZ not telnet, even though DMZ to outside telnets and outside also gets global address 110.110.110.254?

So, in short:

inside --->outside 10.1.1.2 --- 110.110.110.200 (after NAT) telnet-------> 110.110.110.2 good

dmz----->outside 172.16.1.2 ---- 110.110.110.254(after NAT) telnet ------>110.110.110.2 good again

but

outside ---->dmz 110.110.110.2----110.110.110.254 telnet bad

Thanks in advance. I attached my lab and config with this mail.

Bye,
