Solved

Cisco Pix 515E - dmz configuration

Posted on 2003-11-13
5
1,300 Views
Last Modified: 2013-11-16
Hi,

I have a Cisco Pix 515e fire wall and comleted all basic configurations along with DMZ.

Inside IP range 192.168.X.X
DMZ IP rang   172.16.X.X

I want to access(read and wriite files) the systems in the DMZ from the inside network systemalso access the systems(read and write files) inside the local network from the system within the DMZ

What is the command line configuration to do this.

Can comeone help me


Thanks
Deva
0
Comment
Question by:deva_rajesh
5 Comments
 
LVL 18

Accepted Solution

by:
chicagoan earned 250 total points
ID: 9739138
You don't need any PIX configuration to access the DMZ from the inside unless you're filtering outbound traffic.


I'd be very cautious about setting up a share on a windoze machine in the DMZ and would heartily suggest FTP for that purpose as the IP filtering on the server will be much more straightforward and the protocol is subject to a lot fewer vulnerabilities.

If you want to address a host on a higher security interface, assign an address in the DMZ, create a static NAT and appropriate access lists *dbl chk syntax*
static (inside, DMZ) 192.168.xxx.xxx 172.16.x.x  255.255.255.255
access-list dmz_in permit tcp any host <host address> eq (service - ftp, any, etc.)  
access-group dmz_in in interface insode
 
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/bafwcfg.htm#26921
would be some good bedtime reading
;-)
0
 
LVL 2

Expert Comment

by:skyfreedomdotnet
ID: 9884679
Deva do you have PIX Device Manager installed? What is the version of your IOS on the PIX?
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now