Firewall Wizards mailing list archives

Re: PIX 520 - control traffic between DMZ and inside devices


From: "Miha Vitorovic" <miha () nil si>
Date: Tue, 17 Dec 2002 09:24:26 +0100

Hi,

It is hard to tell you what is wrong w/o seeing the config, but:

> Here's my quandary: The webserver also needs to be limited to port 1433,
> TCP and UDP, to a specific MSSQL server on the inside and all traffic may
> flow on all ports to another computer on the inside. How do I control
> traffic between DMZ and inside devices?

To get to inside from DMZ you will need:

- static mappings of the inside devices (may be set to something like
  "static (inside,DMZ) <translated address [global]> <inside address [local]> netmask 255.255.255.255"
  if you need an entire [range of] network[s])
- set the appropriate ACLs on the DMZ interface
- set the routes for the inside networks (the ones that are not directly
  connected to the inside interface)
- set appropriate fixups if needed
- clear xlat
- hope for the best ;-)

---
  Miha Vitorovic
  Inženir v tehničnem področju
  Customer Support Engineer

   NIL Data Communications,  Einspielerjeva 6,  1000 Ljubljana,  Slovenia
   Phone +386 1 4746 500      Fax +386 1 4746 501     http://www.NIL.si

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
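
The steps in the reply above, written out as a PIX 6.x-style configuration fragment. This is an added example, not part of the original post or the poster's configuration: all addresses, the ACL name `dmz_in` and the inside router are constructed, the interface is assumed to be named `DMZ` as in the reply, and lines starting with `:` are annotations.

```cisco
: Constructed layout: web server 172.16.1.10 on the DMZ,
: MSSQL server 192.168.10.20 and a second host 192.168.10.30 on the inside.
: Identity statics: each inside host is reachable from the DMZ at its own address.
static (inside,DMZ) 192.168.10.20 192.168.10.20 netmask 255.255.255.255
static (inside,DMZ) 192.168.10.30 192.168.10.30 netmask 255.255.255.255
: Web server to the MSSQL server: port 1433 only, TCP and UDP.
access-list dmz_in permit tcp host 172.16.1.10 host 192.168.10.20 eq 1433
access-list dmz_in permit udp host 172.16.1.10 host 192.168.10.20 eq 1433
: Web server to the second inside host: all ports.
access-list dmz_in permit ip host 172.16.1.10 host 192.168.10.30
: Everything else entering the DMZ interface hits the implicit deny.
access-group dmz_in in interface DMZ
: Needed only when the inside hosts sit behind an inside router (here 192.168.1.1).
route inside 192.168.10.0 255.255.255.0 192.168.1.1 1
: Drop existing translation slots so the new statics take effect.
clear xlate
```

Once `dmz_in` is bound to the DMZ interface it filters everything the DMZ hosts initiate, including traffic toward the outside, so any other flows the web server legitimately needs must be permitted explicitly in the same list.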

