
PIX 515 DMZ Webserver

jwebber
Level 1

I have a webserver in a DMZ on a PIX. Here is the config from the PIX for the webserver:

access-list dmz2-out deny ip any 192.168.1.0 255.255.255.0

access-list inside-out permit tcp 192.168.1.0 255.255.255.0 host 192.168.11.200 eq www

access-list inside-out permit ip any any

static (dmz2,outside) xx.xx.xx.xx 192.168.11.200 netmask 255.255.255.255 0 0

access-group dmz2-out in interface dmz2

access-group inside-out in interface inside

192.168.1.0 is the main office. I have another office, 192.168.2.0, that I want to be able to access this webserver. The two sites are connected via 2 T1s. If I add the following to the PIX config, 192.168.2.0 cannot access the webserver:

access-list dmz2-out deny ip any 192.168.2.0 255.255.255.0

access-list inside-out permit tcp 192.168.2.0 255.255.255.0 host 192.168.11.200 eq www

What am I missing? Thanks in advance for any assistance.

1 Reply

madnan
Level 1

I assume the other office is sourced from the inside interface of the PIX to your web server. In this case you need to add a static command to enable the Web to touch the IP address of the office LAN.

static(in,out) 192.168.2.0 192.168.2.0 netmask 255.255.255.0

Then clear xlate and test.
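
An added example, not part of the original thread: a small first-match evaluator run over the ACL lines from the question. It shows that inside-out already permits 192.168.2.0/24 to reach the web server through "permit ip any any", so the access lists are not what blocks the second office. The host addresses ending in .50 and the function names are constructed for illustration.

```python
import ipaddress

# ACL lines copied from the question, in the order they end up on the PIX.
CONFIG = """\
access-list dmz2-out deny ip any 192.168.1.0 255.255.255.0
access-list inside-out permit tcp 192.168.1.0 255.255.255.0 host 192.168.11.200 eq www
access-list inside-out permit ip any any
access-list dmz2-out deny ip any 192.168.2.0 255.255.255.0
access-list inside-out permit tcp 192.168.2.0 255.255.255.0 host 192.168.11.200 eq www
"""
PORTS = {"www": 80}

def take_addr(tok):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")  # PIX ACLs use netmasks

def parse(config):
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        name, action, proto = tok[1:4]
        rest = tok[4:]
        src, dst = take_addr(rest), take_addr(rest)
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        acls.setdefault(name, []).append((action, proto, src, dst, port, line))
    return acls

def evaluate(acls, name, proto, src, dst, dport):
    """First match wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, snet, dnet, port, line in acls.get(name, []):
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return action, line
    return "deny", "(implicit deny)"

ACLS = parse(CONFIG)
# Constructed host addresses, one per office.
for host in ("192.168.1.50", "192.168.2.50"):
    print(host, evaluate(ACLS, "inside-out", "tcp", host, "192.168.11.200", 80))
```

The new 192.168.2.0 permit line is never reached because the earlier "permit ip any any" matches first.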
