CISCO DMZ configuration

By hamichael

Hi!

I am having a problem allowing my web server in the DMZ to connect to the database server on the internal interface. I understand that some of you are highly expert in Cisco PIX; could you kindly give me some advice in this matter? My PIX configuration is as below. Thank you very much in advance.


PIX Version 6.3(3)

access-list 101 permit ip any any
access-list 301 permit tcp any host 205.145.71.82 eq www
access-list 201 permit ip any any
ip address inside 192.168.0.3 255.255.255.0
ip address dmz 192.168.6.1 255.255.255.0
global (outside) 1 205.145.71.81
global (dmz) 1 192.168.6.100-192.168.6.150
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
nat (dmz) 1 192.168.6.0 255.255.255.0 0 0
static (dmz,outside) 205.145.71.82 192.168.6.3 netmask 255.255.255.255 0 0
access-group 301 in interface outside
access-group 101 in interface inside
access-group 201 in interface dmz

You need to alter your DMZ Access-List

by bbanis2k In reply to CISCO DMZ configuration

access-list 201 permit tcp host 192.168.6.3 host <DBase Server IP> eq <port # if you know it>

static (dmz,inside) 192.168.6.0 192.168.6.0 netmask 255.255.255.0 0 0

Still cannot access the database in the internal network

by hamichael In reply to You need to alter your D ...

Hi!

I have added the following access-list and static entry, but it is still not working. Could you recommend another alternative?

access-list 201 permit tcp host 192.168.6.3 host 192.168.0.21 eq 1521

static (dmz,inside) 192.168.6.0 192.168.6.0 netmask 255.255.255.0 0 0
