05-29-2005 05:44 PM - edited 02-21-2020 12:10 AM
I have a configuration using a private VPN.
I have a PIX 515 firewall whose outside interface is connected to the VPN in order to offer connectivity to the rest of the world. The inside interface connects to a back-end Exchange server and the DMZ interface connects to a front-end Exchange server.
I am using a DNS server on the outside for the Exchange server on the inside, and it works OK, but I want to use the same DNS server to serve the front-end Exchange server and it is not working.
Here are the addresses, the statics, and some of the access lists involved (not all of them). I just want to know whether the problem is with the static mapping (if I am missing something, please let me know). The DNS server has IP address 192.168.212.6.
ip address outside 192.168.212.29 255.255.255.224
ip address inside 192.168.100.29 255.255.255.224
ip address DMZ 192.168.209.94 255.255.255.224
static (inside,outside) 192.168.212.8 192.168.100.8 netmask 255.255.255.255 0 0
static (inside,DMZ) 192.168.209.68 192.168.100.8 netmask 255.255.255.255 0 0
static (DMZ,inside) 192.168.100.15 192.168.209.65 netmask 255.255.255.255 0 0
static (DMZ,outside) 192.168.212.15 192.168.209.65 netmask 255.255.255.255 0 0
access-group acl-out in interface outside
access-group acl-in in interface inside
access-group acl-dmz in interface DMZ
These access lists are summarized, only to validate the source and destination of the communication.
access-list acl-in permit tcp host 192.168.100.8 host 192.168.212.6
access-list acl-in permit udp host 192.168.100.8 host 192.168.212.6
access-list acl-dmz permit tcp host 192.168.209.65 host 192.168.212.6
access-list acl-dmz permit udp host 192.168.209.65 host 192.168.212.6
access-list acl-out permit tcp host 192.168.212.6 host 192.168.212.15
access-list acl-out permit udp host 192.168.212.6 host 192.168.212.15
access-list acl-out permit tcp host 192.168.212.6 host 192.168.212.8
access-list acl-out permit udp host 192.168.212.6 host 192.168.212.8
06-06-2005 07:44 AM
As far as I can see, your static mapping looks good; the issue is not with the static mapping.
06-06-2005 05:16 PM
Yes, actually the problem was that on the front-end servers I am using two Ethernet cards: one goes to another firewall and the other goes to this DMZ, so I had to use specific routes on these hosts to reach the outside DNS service instead of using a default gateway.
Thanks.
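To make the two conclusions of the thread checkable (the statics and ACLs in the first post do translate both Exchange servers towards the DNS server, and the real fault was the dual-homed front-end server's routing table from the last post), here is an added example that is not part of the original posts. It models the posted "ip address", "static" and "access-list" lines as data and traces a DNS query through them; the function names, the "tight" port-53 ACL variant, and the constructed host routing tables (including the "other-firewall" gateway label) are assumptions of this example, not configuration from the thread.

```python
"""Trace DNS traffic through the static NAT and interface ACLs quoted in the
thread.  Added example, not code from the original post: the data layout,
the function names and the TIGHT_ACLS variant are assumptions of this example.
The addresses, statics and ACL entries themselves are the ones posted."""
from ipaddress import ip_address, ip_network

# Directly connected networks, derived from the posted "ip address" lines.
INTERFACES = {
    "outside": ip_network("192.168.212.0/27"),
    "inside":  ip_network("192.168.100.0/27"),
    "DMZ":     ip_network("192.168.209.64/27"),
}

# static (real_if, mapped_if) mapped_ip real_ip, exactly as posted.
STATICS = [
    ("inside", "outside", "192.168.212.8",  "192.168.100.8"),
    ("inside", "DMZ",     "192.168.209.68", "192.168.100.8"),
    ("DMZ",    "inside",  "192.168.100.15", "192.168.209.65"),
    ("DMZ",    "outside", "192.168.212.15", "192.168.209.65"),
]

DNS = "192.168.212.6"


def _acls(port):
    """Interface ACLs as (proto, src, dst, dst_port); dst_port None = any port."""
    return {
        "inside": [("tcp", "192.168.100.8", DNS, port), ("udp", "192.168.100.8", DNS, port)],
        "DMZ":    [("tcp", "192.168.209.65", DNS, port), ("udp", "192.168.209.65", DNS, port)],
        # acl-out matches on the mapped (global) addresses, as in the thread.
        "outside": [(p, DNS, m, None) for p in ("tcp", "udp")
                    for m in ("192.168.212.15", "192.168.212.8")],
    }


POSTED_ACLS = _acls(None)   # what the thread shows: any TCP/UDP port to the DNS host
TIGHT_ACLS = _acls(53)      # hardened variant (assumption): only DNS, "eq domain"


def egress_interface(dst):
    """Pick the interface whose connected network contains dst."""
    for name, net in INTERFACES.items():
        if ip_address(dst) in net:
            return name
    raise ValueError(f"no connected route to {dst}")


def translate(real_if, mapped_if, real_ip):
    """Apply the static for traffic leaving real_if towards mapped_if."""
    for r, m, mapped, real in STATICS:
        if (r, m, real) == (real_if, mapped_if, real_ip):
            return mapped
    return None  # no static for this pair: the PIX would need nat/global or drop it


def acl_permits(acls, iface, proto, src, dst, dport):
    """First-match ACL evaluation on the inbound ACL of iface."""
    return any(p == proto and s == src and d == dst and (port is None or port == dport)
               for p, s, d, port in acls[iface])


def dns_query(acls, server_if, server_ip, proto="udp", dport=53):
    """Return (address the DNS server sees, query permitted?, DNS-initiated traffic permitted?).
    The PIX is stateful, so the reply to a permitted query is allowed regardless of
    acl-out; the third value only matters for connections the DNS server opens itself."""
    out_if = egress_interface(DNS)
    query_ok = acl_permits(acls, server_if, proto, server_ip, DNS, dport)
    mapped = translate(server_if, out_if, server_ip)
    inbound_ok = mapped is not None and acl_permits(acls, out_if, proto, DNS, mapped, None)
    return mapped, query_ok, inbound_ok


def host_next_hop(routes, dst):
    """Longest-prefix match over a host routing table [(network, gateway)]."""
    best = None
    for net, gw in routes:
        net = ip_network(net)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


# Constructed routing tables for the dual-homed front-end server of the last post:
# with only a default route towards the other firewall, DNS queries never reach
# this PIX; the specific route via the DMZ interface address fixes that.
DEFAULT_ONLY = [("0.0.0.0/0", "other-firewall")]
WITH_DNS_ROUTE = DEFAULT_ONLY + [("192.168.212.6/32", "192.168.209.94")]

if __name__ == "__main__":
    for iface, ip in (("inside", "192.168.100.8"), ("DMZ", "192.168.209.65")):
        print(iface, ip, "->", dns_query(POSTED_ACLS, iface, ip))
    print("default route only:", host_next_hop(DEFAULT_ONLY, DNS))
    print("with /32 route:    ", host_next_hop(WITH_DNS_ROUTE, DNS))
```

Running it shows both servers translated to their outside statics (192.168.212.8 and 192.168.212.15) with the posted ACLs permitting the query, which is why the reply in the thread says the statics are fine. The TIGHT_ACLS variant is the one to actually deploy: the posted entries let the Exchange servers open any TCP or UDP port on the DNS host, and restricting them to port 53 costs nothing for name resolution.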