Firewall Wizards mailing list archives

Re: PIX 515E config - DMZ host to inside host


From: "Chris Mitchell" <sw () dorksville net>
Date: Fri, 2 Mar 2007 16:12:27 +1100 (EST)

This one (and a bit of testing with ACLs) seemed to do the trick ....
thanks to everyone that replied. I still don't really see the logic behind
it (I tried exactly the same statement, but with the genuine subnets of
the dmz & internal instead of both being the internal subnet), but as long
as it's working I don't mind :)

I know that the config is a bit of a mess, I inherited it from a past
employee ... I'll get around to fixing it one day. I have a vague plan to
upgrade to 7.0 and rewrite the config from scratch - but of course,
difficult to do on a production system.

Once again, thanks.

Regards,

Chris Mitchell


 I would simply configure the internal subnet to map to the DMZ with no
address translation.  So, using "static (internal,dmz) 10.133.24.0
10.133.24.0 netmask 255.255.255.0" would allow the computer at
10.134.1.2 to simply access 10.133.24.3 directly.


--
John


-----Original Message-----
From: Chris Mitchell

PIX newbie here, not really a firewall guy but need to get some stuff
done with it, and am pretty good at basic configs. I have a 515E with 3
interfaces (inside, outside, DMZ) - I need to allow access from a host in
the DMZ to an internal host.

DMZ host - 10.134.1.2
Internal host - 10.133.24.3

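The approach discussed in this thread, written out as an added configuration example in PIX 6.x syntax (not part of the original messages). It assumes the interfaces are named "inside" and "dmz" via nameif; the ACL name dmz_in is hypothetical and <service-port> is a placeholder, since the thread does not say which service the DMZ host needs.

```text
! Added example, not from the thread. Assumed: nameif names "inside" and "dmz",
! hypothetical ACL name dmz_in, placeholder <service-port>.

! Form suggested in the reply: the whole internal /24 appears untranslated
! on the DMZ interface (identity static).
static (inside,dmz) 10.133.24.0 10.133.24.0 netmask 255.255.255.0

! Narrower alternative (use one or the other, they overlap): only the single
! internal host gets a translation towards the DMZ.
static (inside,dmz) 10.133.24.3 10.133.24.3 netmask 255.255.255.255

! The static only creates the translation. Traffic from the lower-security
! dmz interface to inside is still dropped until an ACL permits it, so the
! permit is limited to the one DMZ host, the one internal host and one port.
access-list dmz_in permit tcp host 10.134.1.2 host 10.133.24.3 eq <service-port>
access-group dmz_in in interface dmz
```

Binding an ACL to the dmz interface replaces the implicit permit the DMZ had towards lower-security interfaces, so any outbound traffic the DMZ hosts rely on needs its own permit lines. If an ACL is already bound to that interface, add the entry to it rather than binding a second one.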



