Solved

Cisco Pix 515E - dmz configuration

Posted on 2003-11-13
5
1,313 Views
Last Modified: 2013-11-16
Hi,

I have a Cisco Pix 515e fire wall and comleted all basic configurations along with DMZ.

Inside IP range 192.168.X.X
DMZ IP rang   172.16.X.X

I want to access(read and wriite files) the systems in the DMZ from the inside network systemalso access the systems(read and write files) inside the local network from the system within the DMZ

What is the command line configuration to do this.

Can comeone help me


Thanks
Deva
0
Comment
Question by:deva_rajesh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 250 total points
ID: 9739138
You don't need any PIX configuration to access the DMZ from the inside unless you're filtering outbound traffic.


I'd be very cautious about setting up a share on a windoze machine in the DMZ and would heartily suggest FTP for that purpose as the IP filtering on the server will be much more straightforward and the protocol is subject to a lot fewer vulnerabilities.

If you want to address a host on a higher security interface, assign an address in the DMZ, create a static NAT and appropriate access lists *dbl chk syntax*
static (inside, DMZ) 192.168.xxx.xxx 172.16.x.x  255.255.255.255
access-list dmz_in permit tcp any host <host address> eq (service - ftp, any, etc.)  
access-group dmz_in in interface insode
 
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#26921
would be some good bedtime reading
;-)
0
 
LVL 2

Expert Comment

by:skyfreedomdotnet
ID: 9884679
Deva do you have PIX Device Manager installed? What is the version of your IOS on the PIX?
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question