Access to DMZ from Inside.

raju · ‎04-13-2004

Hello ,

I have a request to allow couple of hosts from Internal Network to DMZ Zone host through port 25 for SMTP emails . I can create static , but that will open all ports . I created an access list from Inside hostto DMZ host eq 25 and created Static also. After applying this access list rule , it blocked the whole traffic through Inside Network.

I did this configuration through PIX PDM GUI .What went wrong ?.I deleted the access list which I created and pix started working normal.The PIX IOS ver is 6.3(3)

Regards,

Raju

jasobrown · ‎04-13-2004

After creating the STATIC..

You need to allow the traffic to the DMZ then deny all other traffic to the DMZ then allow all other traffic to the internet, on an access-list on the inside interface IE:

DMZ == 172.16.1.0 /24

Internal == 192.168.1.0 /24

access-list inside permit host 192.168.1.10 host 172.16.1.5 eq 25

access-list inside permit host 192.168.1.5 host 172.16.1.5 eq 25

access-list inside deny ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0

access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 80

access-list inside permit tcp 192.168.1.0 255.255.255.0 any eq 443

access-group inside in interface inside

boschrexroth · ‎04-27-2004

This is exactly what I am trying to do now. Can you please post the static statement and if possible your final working config.

Thanks.