PIX Firewall - Access to DMZ interface from remote locations

debbied (Level 1)

I currently have a PIX 520 running ver 4.4. I am not using access lists. The problem I have is that all workstations at my remote branches (frame relay connection) cannot access my Home Banking page which is on the DMZ interface. Everyone at the main branch can get to it just fine.

The remote branches all come back through the main router to access the internet.

Can anyone explain why this is happening?

Thanks for any assistance.

5 Replies

millerv (Level 1)

What interface does the frame relay connection use to get to the PIX?

1. If it's the "outside" interface, you will need to come up with a conduit statement to permit the remotes to access the specific host/port(s) on the home banking server(s). Don't try access lists on 4.4... start thinking upgrade, though.

2. If the frame-attached hosts come in via a higher security level interface (inside), then you will need to NAT them across to the lower security level interface.

The remote machines access the dmz interface via the inside interface, just as all of the local machines do. The local machines have no issues with seeing the home banking server, just the remotes. Could it be related to RIP not being enabled on the DMZ? I don't want to enable it for that interface for obvious reasons.

I have helper addresses entered for all of the remote locations and everything else, including internet access works just fine.

How are you advertising a route to the DMZ on the local machines? Is it different than the remotes?

A helper won't do you much good unless you're using a UDP broadcast.

Can you ping the DMZ from a remote host?

Are you running Symitar as your app? As I recall, that has some issues with IP addressing.

This is the statement I have in my local host router regarding the home banking server:

ip route 10.55.0.0 255.255.0.0 10.54.1.7 permanent

Where 10.55.0.0 is the network where the homebanking server is located and 10.54.1.7 is the inside interface of the firewall. I think that is what you mean by 'how is it advertised'.

When I attempt to ping the dmz from a remote host I get a reply from the local router that says the destination host is unreachable.

We are using Symitar as our app, but as some background: the problem began occurring when we removed thin clients from the remote environment and went to PCs. It was not an issue with the thin clients because they were all routed to the internet through a machine that resided on the local network.

Symitar does not seem to be an issue.

I know I shouldn't pick on Symitar, but it does add some addressing issues in a C.U. net.

What happens when you ping (from the PIX) to the remote network(s)?

What routing protocol are you running on the inside network?

Do you have a default route built anywhere?
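The two points raised in the thread, NATting the inside-attached remote hosts across to the lower-security DMZ interface and making sure the PIX itself has a route back to the remote branch networks, can be put together into one worked configuration. This is an added example, not configuration from the original posters: it uses the inside interface address 10.54.1.7 and the DMZ network 10.55.0.0/16 from the thread, but the remote branch network 10.56.0.0/16, the inside router address 10.54.1.1 and the branch router's frame-relay next hop 10.54.250.1 are assumed for illustration. Syntax is the classic PIX 4.x/5.x static/conduit/route style rather than access lists, since the thread is about 4.4.

```cisco
! ---- PIX (4.x style, no access lists) ----
! Interface security levels: inside 100, dmz (assumed 50), outside 0.
! Traffic from a higher-security interface to a lower-security one needs
! a translation (static or nat/global) that covers the SOURCE network.
! The local LAN already works, which means it is already covered; the
! remote branch subnet (assumed 10.56.0.0/16) must be covered too.
static (inside,dmz) 10.56.0.0 10.56.0.0 netmask 255.255.0.0 0 0

! The PIX only knows about directly connected networks unless told
! otherwise. Without a route back to the remote branches, replies from
! the DMZ server are dropped even though the request arrived.
! 10.54.1.1 is the assumed inside router (frame-relay hub).
route inside 10.56.0.0 255.255.0.0 10.54.1.1 1

! Case 1 from the reply above, for completeness: if the remotes entered
! through the OUTSIDE (lower-security) interface instead, a conduit
! would be needed for the specific host/port. Server address assumed.
! conduit permit tcp host 10.55.1.10 eq www 10.56.0.0 255.255.0.0

! Checks, run on the PIX:
!   show route              -> the 10.56.0.0 route must be listed
!   show static             -> the (inside,dmz) static must be listed
!   ping inside 10.56.1.10  -> must succeed before anything else will
!   show xlate              -> an entry should appear once a remote host
!                              hits the DMZ server

! ---- Branch router (IOS), one per remote site ----
! The main router already has "ip route 10.55.0.0 255.255.0.0 10.54.1.7",
! but each branch router also needs to know where 10.55.0.0/16 lives;
! "destination host unreachable" from the nearest router is the classic
! symptom of this route being absent. Next hop assumed.
ip route 10.55.0.0 255.255.0.0 10.54.250.1
```

The order matters for troubleshooting: confirm the branch router has the 10.55.0.0 route, then that the PIX can ping the branch subnet through inside, then that a translation appears in `show xlate`. If the ping from the PIX fails, no amount of static or conduit work will help, which is why the reply above asks about that first.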
