08-25-2004 08:09 PM - edited 02-20-2020 11:35 PM
I'm trying to understand how to configure the pix through the PDM and access-rules in the following way but seem to be running into confusion.
I have 3 interfaces on my pix Inside (100), outside (0) and a DMZ (6). I want to have a single host on the inside be able to talk to only a single host on the outside via FTP. Everything on the inside should be able to talk to everything on the DMZ.
I configure a rule that says allow host 10.100.17.68 (on the inside int) to go to a host on the outside 10.200.1.100. This seems pretty straightforward.
However, when I then apply my next rule that allows everything on the Inside to talk to everything on the DMZ the outside interface gets added to that rule (breaking my first rule above). I am using the destination ip address field for the DMZ with a 0.0.0.0 0.0.0.0 (or anything on the DMZ).
Can I select the name field instead and just select the DMZ interface? This seems like it would only pertain to the specific address of the DMZ interface rather than all hosts on the DMZ, but it does not add the outside interface to the rule.
What am I not understanding here?
09-01-2004 05:14 PM
You could be running into bug CSCdx28710. It seems that defect is only cosmetic. The interfaces get swapped only in the display. However, the correct rules get applied to the PIX.
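Since the reply above says the display may be wrong while the rules applied to the PIX are correct, the practical check is to look at the access list the PDM actually pushed rather than at the PDM table. The following is an added example of what the two rules from the question look like in PIX 6.x CLI syntax; it is not configuration from the original thread. The interface names and the two host addresses come from the post; the access-list name `inside_access_in` and the DMZ subnet `192.168.50.0/24` are placeholders (the thread never gives the DMZ subnet), and NAT/global statements needed for inside-to-outside and inside-to-DMZ traffic are omitted.

```text
access-list inside_access_in permit tcp host 10.100.17.68 host 10.200.1.100 eq ftp
access-list inside_access_in permit ip any 192.168.50.0 255.255.255.0
access-group inside_access_in in interface inside
show access-list inside_access_in
```

Two things to confirm in the `show access-list` output: the second entry's destination is the DMZ subnet and not `0.0.0.0 0.0.0.0` (a destination of "any" on an inside-facing list also matches outside addresses, which would undo the host-to-host FTP restriction), and no entry has been added for the outside interface. Everything not matched by the two permits is dropped by the implicit deny at the end of the list, which is the intended behaviour for the rest of the inside network.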
09-02-2004 03:10 AM
Thanks for the reply. I will reconfigure the pix and test. I didn't even bother testing last time. I just reconfigured it to work another way.