
Terminal Services to DMZ

TimeCr0ss
Level 1

First off, thanks to all for your help (Especially Patrick). The DMZ questions I posted earlier have been resolved. However, I have a new question now...

I need our web box (DMZ) to communicate with our MS Exchange box (inside LAN). Would I go about doing this with a static statement or an access-list?

Also, we need to use Terminal Services to access the web box in the DMZ as well. Would this work best with a static statement to the web box?

For example

static (inside,dmz) 172.16.23.50 192.168.1.10 netmask 255.255.255.255 0 0

2 Replies

TimeCr0ss
Level 1

Never mind, I got it!

static (dmz,inside) LAN host, dmz host

There are a couple of options here:

You can use the static command 2 ways here. You can use the IP address of the dmz host in both places (LAN host and dmz host) which will turn off NAT for the IP address and allow it to be mapped directly into the inside.

You can also use an IP address in the Internal IP space if you want to hide the true IP address of the dmz host.

Without an access-list statement, the static statement does no good if you want to initiate from the DMZ. You need to specify which ports to allow to the inside. Note this is only for the direction of NAT-->Inside. Inside shouldn't have a problem communicating back (or starting communication) since the static statement turns off NAT.
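
The point in the last reply, that a static needs an access-list naming the permitted ports before DMZ-initiated traffic passes, can be checked mechanically. The following is an added example, not part of the thread: a Python check over PIX-style config lines. The `audit` function, the ACL name `dmz_in` and the host 172.16.23.20 are constructed for illustration; the static line is the one from the question, and ACL entries are assumed to carry no source-port operators.

```python
import re

STATIC = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\w+)")
ACE = re.compile(r"^access-list (\S+) permit (\w+) (.+)$")

# Constructed sample configs; only the static line comes from the thread.
STATIC_ONLY = "static (inside,dmz) 172.16.23.50 192.168.1.10 netmask 255.255.255.255 0 0\n"
WITH_ACL = STATIC_ONLY + """\
access-list dmz_in permit tcp host 172.16.23.20 host 172.16.23.50 eq smtp
access-list dmz_in permit ip any host 172.16.23.50
access-group dmz_in in interface dmz
"""

def take_addr(tok):
    """Consume one address spec (any | host A | A MASK); return (address, rest)."""
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    return tok[0], tok[2:]

def audit(config):
    """Return (mapped_ip, problem) pairs for statics that lack a port-specific ACL."""
    lines = [l.strip() for l in config.splitlines()]
    statics = [m.groups() for l in lines if (m := STATIC.match(l))]
    # interface name -> ACL applied inbound on it
    bound = {m.group(2): m.group(1) for l in lines if (m := GROUP.match(l))}
    aces = {}
    for l in lines:
        if (m := ACE.match(l)):
            name, proto, rest = m.groups()
            _src, rest_tok = take_addr(rest.split())
            dst, ports = take_addr(rest_tok)
            aces.setdefault(name, []).append((proto, dst, ports))
    findings = []
    for _real_if, mapped_if, mapped_ip, _real_ip in statics:
        acl = bound.get(mapped_if)
        if acl is None:  # static alone: nothing lets the mapped interface initiate
            findings.append((mapped_ip, "no ACL bound to " + mapped_if))
            continue
        hits = [a for a in aces.get(acl, []) if a[1] in (mapped_ip, "any")]
        if not hits:
            findings.append((mapped_ip, "no permit entry for mapped address"))
        for proto, _dst, ports in hits:
            # "permit ip" or tcp/udp with no eq/range opens every port to the host
            if proto == "ip" or (proto in ("tcp", "udp") and not ports):
                findings.append((mapped_ip, f"permit {proto} without a port"))
    return findings
```

Running `audit(WITH_ACL)` flags the `permit ip any` entry while leaving the SMTP-only entry alone.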