PIX 515E DMZ NAT

petersont
Level 1

We recently acquired a new business partner that is connected by a frame-relay to our DMZ.

Here is my problem. The router (frame-relay) in our DMZ NATs from their public addresses to our private addresses in the DMZ, to:

172.16.10.90 port ftp

172.16.10.4 Port 9100

172.16.10.5 Port 9100

172.16.10.6 Port 9100

I want to take the source addresses and NAT them to our inside network:

10.10.2.90

10.10.2.4

10.10.2.5

10.10.2.6

I don't have physical devices in the DMZ for these addresses and I haven't been able to pass the traffic back from the DMZ. I have access lists allowing traffic from the DMZ 172.16.10.x to inside 10.10.2.x via the appropriate ports.

We currently have our Web server and a mail gateway in the DMZ. I would like to accomplish this without changing the global or jeopardizing any of the DMZ rules that are currently in place.

Thank you for your help

1 Accepted Solution

nkhawaja
Cisco Employee

This feature is available in 6.3+ code.

Upgrade to the latest code, which is 6.3.4.

4 Replies

nkhawaja
Cisco Employee

Hi,

What version of PIX OS are you running? If all the proper routing information is in place, all you need is these commands:

static (dmz,inside) 10.10.2.90 172.16.10.90

static (dmz,inside) 10.10.2.4 172.16.10.4

etc.

Thanks

Nadeem

Thank you for your help.

The version is 6.1(4). I get this error when I try that command:

Result of PIX command: "static (dmz,inside) 10.10.2.90 172.16.10.90 "

DMZ 50 has a lower security value than inside 100

Command failed

nkhawaja
Cisco Employee

This feature is available in 6.3+ code.

Upgrade to the latest code, which is 6.3.4.

Thank you very much for your help.