05-07-2003 11:14 AM - edited 03-09-2019 03:11 AM
Scenario: What is the best way to assign an external IP address to an internal machine or firewall on the DMZ? This machine needs to have completely open access out and completely open access in (from the internet). What is the best way to do this and allow that access only to the one IP?
05-07-2003 12:46 PM
First, why are you allowing full access inbound? If that's the case, set it outside the firewall and let the hackers go nuts...
If you need to translate the box from the DMZ to the outside, do the following:
static (dmz,outside) (public IP) (internal IP) netmask 255.255.255.255 0 1000
Remember, if you are private on the inside and private in the DMZ, you will need to set up some nonat rules so the inside can reach your DMZ, if that is permitted.
05-07-2003 01:14 PM
There is going to be a second firewall on the inside of the PIX. All traffic needs to pass through the first on the DMZ, but only for the firewall IP.
What about all traffic going out to the internet? What command for this?
05-13-2003 01:58 AM
The static command will normally also provide the outside access, as well as the inside access (assuming you have set up the appropriate access-list and security levels on your PIX).
Please provide your config if more help is needed.
Regards,
Leo
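How the static from the earlier reply fits together with the access-list and security levels mentioned in this post, as an added example in PIX 6.x syntax that is not taken from any poster's configuration. The addresses (203.0.113.10 public, 192.168.50.10 DMZ host, 10.1.1.0/24 inside, 192.168.50.0/24 DMZ), the interface names and security levels, and the access-list names outside_in and nonat are all assumptions; lines beginning with a colon are annotations.

```text
: Constructed example. Every address and name below is a placeholder.
: Assumed interface security levels: outside = 0, dmz = 50, inside = 100.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

: One-to-one translation for the single DMZ host, in the form given in the
: reply above (0 = no connection limit, 1000 = embryonic connection limit).
static (dmz,outside) 203.0.113.10 192.168.50.10 netmask 255.255.255.255 0 1000

: Inbound: traffic from a lower to a higher security level is dropped unless
: an access-list permits it. This entry is scoped to the one public IP only,
: so no other translated address becomes reachable from the internet.
access-list outside_in permit ip any host 203.0.113.10
access-group outside_in in interface outside

: Outbound: dmz (50) to outside (0) is higher-to-lower, so it is allowed by
: default as long as no access-list is bound inbound on the dmz interface.
: The static above supplies the translation for that outbound traffic.

: Inside to DMZ without translation (the "nonat" rules mentioned earlier),
: needed only if inside hosts are permitted to reach the DMZ.
access-list nonat permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat
```

After applying a configuration like this, `show static` and `show access-list outside_in` confirm that exactly one translation and one permit entry exist for the host.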