08-30-2005 06:18 AM - edited 03-09-2019 12:17 PM
I have the following on PIX 5.15e 6.34
Eth0: Outside Public IP
Eth1: Inside 10.0.0.0/16
Eth2: DMZ 10.7.0.0/16
The problem I have is that inside hosts cannot access the DMZ segment. It appears that the inside hosts are not sending the packets to the PIX. If I do a traceroute, packets are not reaching the PIX inside interface; rather, an ARP broadcast appears to be done. However, if I try a traceroute to 10.8.0.1, this then gets sent to the PIX. This is the same for subnets 10.1.0.0 - 10.7.0.0.
Surely the above are in a different subnet to 10.0.0.0/16 due to using the Class B subnet mask.
Am I missing a simple thing here?
Lastly.
How does one choose a security level? I need traffic to traverse the inside & DMZ segments but am unsure what security level to choose.
Is there a document somewhere on Cisco.com that outlines the different levels and when to use them?
Thanks
Craig
08-30-2005 06:56 AM
Hi,
As an example, take a look at this document:
The above document is for a mail server access in the DMZ, but I think this will help in your understanding.
Hope this helps a little, let me know how you get on.
-
Jay
08-30-2005 07:34 AM
Thanks for the link!
I'm not having a problem with the pix config but more with the inter IP subnet addressing.
e.g.
Subnet 1: 10.0.0.0/16 -> Inside
Subnet 2: 10.1.0.0/16 -> DMZ1
Subnet 3: 10.7.0.0/16 -> DMZ2
Subnet 4: 10.8.0.0/16 -> DMZ3
From an XP workstation, if I do a traceroute from Subnet 1 to subnets 2 & 3 -> no traffic is sent to the default gateway (PIX). It appears an ARP request is being sent.
Whereas if I do a traceroute from Subnet 1 to subnet 4, traffic is sent to the PIX.
It appears that the workstation thinks that subnets 10.1.0.0 -> 10.7.0.0 /16 are local and therefore doesn't send the traffic to the default gateway, whereas 10.8.0.0 /16 is sent to the gateway.
Windows host has the correct IP config, i.e. 10.0.1.1 255.255.255.0 GW 10.0.0.254
I know that the problem is not the PIX as I get no errors on the syslog, i.e. the traffic doesn't even hit the PIX.
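The local-versus-gateway decision discussed in this thread, as an added example that is not part of any poster's message: it assumes the workstation applies the standard on-link test (the destination falls inside the network formed by its own address and mask) and searches for the prefix lengths that would reproduce the reported behaviour. The probe addresses 10.1.0.1 and 10.7.0.1 and all function names are constructed for illustration.

```python
import ipaddress

HOST_IP = "10.0.1.1"  # workstation address quoted in the thread

# True  = host ARPs for the destination itself (treated as local)
# False = host forwards the packet to its default gateway
# 10.8.0.1 is from the thread; the other two are constructed probes
# inside the 10.1.0.0/16 and 10.7.0.0/16 ranges it mentions.
OBSERVED = {"10.1.0.1": True, "10.7.0.1": True, "10.8.0.1": False}


def is_on_link(host_ip, prefix_len, dest_ip):
    """Standard on-link test: is dest inside the host's own masked network?"""
    iface = ipaddress.ip_interface(f"{host_ip}/{prefix_len}")
    return ipaddress.ip_address(dest_ip) in iface.network


def matching_prefixes(host_ip, observed):
    """Prefix lengths under which the host would behave exactly as observed."""
    return [
        plen
        for plen in range(1, 31)
        if all(is_on_link(host_ip, plen, dest) == local
               for dest, local in observed.items())
    ]


def netmask(prefix_len):
    """Dotted-quad form of a prefix length, as shown in Windows IP settings."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)


if __name__ == "__main__":
    # What the masks mentioned in the thread would predict for each probe.
    for plen in (16, 24):
        for dest in OBSERVED:
            verdict = "ARP directly" if is_on_link(HOST_IP, plen, dest) else "send to gateway"
            print(f"/{plen} ({netmask(plen)}): {dest} -> {verdict}")
    # Masks that would reproduce the reported split between 10.7.x and 10.8.x.
    for plen in matching_prefixes(HOST_IP, OBSERVED):
        net = ipaddress.ip_interface(f"{HOST_IP}/{plen}").network
        print(f"observed behaviour matches /{plen} ({netmask(plen)}), network {net}")
```

Comparing the result with the mask actually in effect on the workstation (`ipconfig /all` and `route print` on Windows) shows whether the host's view of "local" matches the intended /16 design.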