05-14-2003 08:29 AM - edited 02-20-2020 10:44 PM
Hi,
I have a Cisco 520 PIX firewall and have the inside, outside and dmz working well. The INSIDE was added recently and now I want the inside and dmz zones to communicate with each other. Is this possible? If so, how?
Can anyone help me out with some links or their own solutions?
Thanks in advance.
Ramesh
05-14-2003 11:51 AM
Ramesh,
Yes, this will definitely work. For simplicity, let's take an example:
Inside: 10.1.1.0/24 network, inside interface of PIX: 10.1.1.1
dmz: 172.16.171.0/24 network, dmz interface of PIX: 172.16.171.1
For connection from inside to dmz:
nat (inside) 1 10.1.1.0
global (dmz) 1 interface
If you have an ACL applied on the inside interface, please make sure to allow the traffic from inside to dmz. Also, if you have an existing nat for the outside, then you may apply the same nat to the dmz interface.
For connection from dmz to inside:
static (inside, dmz) 10.1.1.50 10.1.1.50 (let's say the web server has IP 10.1.1.50)
access-list 102 permit tcp any host 10.1.1.50 eq 80
access-group 102 in interface dmz
Note: if you want to allow communication from dmz to the whole inside network, then you can define "static (inside, dmz) 10.1.1.0 10.1.1.0". In that case, you will not need the nat/global for the inside to outside communication.
I hope this helps! Thanks,
Mynul
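Added example, not part of the original thread or any Cisco tooling: a small Python check over the dmz-to-inside commands discussed above (static, access-list, access-group) that flags network-wide statics and permit entries without a port restriction. The sample config is constructed in PIX 6.x syntax from the thread's addresses; the function name `audit` and its rule set are assumptions.

```python
import re

# Constructed sample config (hypothetical), using the addresses from the thread.
SAMPLE = """\
static (inside,dmz) 10.1.1.50 10.1.1.50 netmask 255.255.255.255
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
access-list 102 permit tcp any host 10.1.1.50 eq 80
access-list 102 permit ip any 10.1.1.0 255.255.255.0
access-group 102 in interface dmz
"""

STATIC = re.compile(r"^static \((\w+),\s*(\w+)\) (\S+) (\S+)(?: netmask (\S+))?")
ACE = re.compile(r"^access-list (\S+) permit (\S+) (.+)$")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)")

def audit(config, low="dmz"):
    """Return findings about what the lower-security interface can reach."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    statics = [m.groups() for m in map(STATIC.match, lines) if m]
    aces = [m.groups() for m in map(ACE.match, lines) if m]
    bound = [m.group(1) for m in map(GROUP.match, lines) if m and m.group(2) == low]
    findings = []
    for real_if, mapped_if, mapped, real, mask in statics:
        if mapped_if != low:
            continue
        # Assumption: a static without an explicit netmask is treated as a host mapping.
        if mask not in (None, "255.255.255.255"):
            findings.append(f"static exposes network {real}/{mask} to {low}")
        if not bound:
            findings.append(f"static for {real} has no access-group on {low}")
    for acl in bound:
        entries = [(proto, rest) for name, proto, rest in aces if name == acl]
        if not entries:
            findings.append(f"ACL {acl} bound to {low} has no permit entries")
        for proto, rest in entries:
            if proto == "ip" or " eq " not in f" {rest} ":
                findings.append(f"ACL {acl}: 'permit {proto} {rest}' has no port restriction")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With a network-wide static, the ACL bound to the dmz interface is the only thing limiting what dmz hosts can reach on the inside, so the two findings are best read together.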
05-15-2003 12:15 AM
Hi Mynul.
I have a problem configuring access from the whole dmz to (a subnet in) the inside and vice versa.
For dmz to inside connection, I understand from your reply that I need:
static (inside, dmz) 10.1.1.0 10.1.1.0 + access-list 102.
But what about inside to dmz connections? Do you mean that I need a simple
nat (inside) 0 access-list in-to-dmz
or that I need nothing else at all?
Thank you very much!
Michele
05-15-2003 01:43 PM
Hi Michele,
Once you define the static, you will not need anything else. If you define nat (inside) 0 ACL, then this will supersede the static and will perform the same job. So, either of these two options will work for you. So, define either static or nat 0 ACL.
I hope it's clear! Thanks,
Mynul
05-18-2003 04:40 AM
Hi Mynul,
The same worked. Thanks a lot... thanks a 100 times... :)
Cheers,
Ramesh