02-02-2005 08:18 AM - edited 03-09-2019 10:12 AM
I am trying to place public servers such as Web Server, DNS Server and Outside Mail Server in dmz zone using separate dmz interface for each one. I was able to put Web Server successfully in DMZ using static nat. But when I tried putting other servers like DNS and Mail Server using static nat, I couldn't get addresses translated from dmz interface to outside interface.
Inside network: 10.8.0.0/20
Outside network: 63.127.167.192/27
Web-dmz1: 192.168.0.0/24
Dns-dmz2: 192.168.1.0/24
Mail-dmz3: 192.168.2.0/24
I have attached the current running configuration from Cisco PIX 515E.
Current status: Inside network is behind firewall and is PATed. Web Server is placed in DMZ zone and outside people can access it, but not internally.
Is there a problem using multiple static NATs?
Also I tried with nat and global commands but no luck...
I would appreciate if anyone could help me in this problem.
Thanks,
Mayur Shah
Network Analyst
02-02-2005 11:09 AM
Mayur,
To permit access to the DNS and mail servers using the public IPs you have statically allocated, you will need to permit the required ports (DNS - udp 53 and Mail - SMTP, POP and also web (for OWA if needed)). Currently you do have an ACL which permits web access to the web-dmz.
People in the inside network won't be able to reach the web server using the public DNS name, as it translates to .167.207 address and the PIX has a mapping for .167.207 to .0.11 address only if the packet comes from the outside interface. Probably you may be able to fix this by changing your local DNS server entry for the web server to 192.168.0.11
HTH
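A sketch of what the reply above describes, added here as an example and not taken from the poster's attached configuration: one static translation per DMZ server plus ACL entries that open only the ports each server needs. The interface names `dmz2` and `dmz3`, the ACL name `acl_out`, and every address in angle brackets are assumptions and placeholders; the ACL entries belong in whichever ACL is already bound inbound to the outside interface.

```text
: Added example, PIX 6.x syntax. Angle-bracket values are placeholders.
: Interface names dmz2/dmz3 and ACL name acl_out are assumed, not from the thread.

: One static per server: (real_interface,mapped_interface) public private
static (dmz2,outside) <DNS_PUBLIC_IP> <DNS_DMZ_IP> netmask 255.255.255.255
static (dmz3,outside) <MAIL_PUBLIC_IP> <MAIL_DMZ_IP> netmask 255.255.255.255

: DNS queries to the DNS server only (udp 53, as named in the reply)
access-list acl_out permit udp any host <DNS_PUBLIC_IP> eq domain

: Mail server: SMTP and POP, plus web only if OWA is required
access-list acl_out permit tcp any host <MAIL_PUBLIC_IP> eq smtp
access-list acl_out permit tcp any host <MAIL_PUBLIC_IP> eq pop3
access-list acl_out permit tcp any host <MAIL_PUBLIC_IP> eq www

: Only one ACL can be applied inbound per interface, so these entries go
: into the ACL that already permits web traffic to the web server.
access-group acl_out in interface outside

: Verify the translations and check hit counts on the new entries
show static
show xlate
show access-list acl_out
```

A static alone creates the address mapping but passes no traffic from the lower-security outside interface; the matching ACL entry is what lets a connection in, so keep each entry scoped to a single host and port.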