05-07-2002 06:48 AM - edited 03-08-2019 10:33 PM
My ISP points their DNS server to 216.202.205.253, which will point back to our webserver (192.168.0.2). Here are the parameters of my PIX 515:
outside: 216.202.205.250
inside: 128.1.1.10
DMZ: 192.168.0.1
Here is my proposed DMZ config:
global (DMZ) 1 192.168.10-192.168.0.254
static (DMZ, outside) 216.202.205.253 192.168.0.2 netmask 255.255.255.255 1010
conduit permit tcp host 216.202.205.253 eq www any
nat (inside) 1 0.0.0.0 0.0.0.0 0
nat (DMZ) 1 192.168.0.0 255.255.255.0
Could anyone verify if this is a good config? Please advise. Thanks.
05-07-2002 09:03 AM
Why do you need the "nat (DMZ) 1 192.168.0.0 255.255.255.0" command??
And also the "global (DMZ) 1 192.168.10-192.168.0.254"? Firstly, this is not a registered address, and secondly, you don't need dmz to make an outbound connection, do you?
Also, why do you want to NAT the inside address when it's already a legal IP address, or is it not registered? In that case you will need the corresponding global address, i.e. global (outside) 1 .......
05-09-2002 01:27 PM
It looks good to me, but the problem I have with it is the conduit statement; you would be better served using access-list rather than conduit.
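The access-list form suggested in the reply above, shown next to the conduit line from the original post. This is an added example, not part of the thread; the ACL name acl_outside_in is an assumed, hypothetical name.

```text
! From the original post: conduit permitting web traffic to the static's global address
conduit permit tcp host 216.202.205.253 eq www any

! Access-list form: same permit, written source-first (any -> web server's global address)
! acl_outside_in is a hypothetical name chosen for this example
access-list acl_outside_in permit tcp any host 216.202.205.253 eq www

! Bind the ACL to inbound traffic on the outside interface
access-group acl_outside_in in interface outside
```

Note the argument order flips: conduit lists the global (destination) address first, while access-list lists the source first.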