Solved

Communication between 2 DMZ hosts on PIX 515E

Posted on 2004-04-05
Last Modified: 2010-04-08
I am trying to telnet into a router which resides on my DMZ network from a host that resides on a remote DMZ network. The subnet of the DMZ is 192.168.191.0/24; the IP of the router I'm trying to telnet into is 192.168.191.3. The host I am connecting from is 172.16.3.22, which is connecting via a firewall (the firewall is allowing all IP traffic) plugged into the DMZ at 192.168.191.2. I can ping 192.168.191.3 from 172.16.3.22; however, when I try to initiate a telnet session I get rejected. There are no ACLs on the router which are blocking telnet. Is there something I need to do to allow these 2 DMZ hosts to communicate? I believe PIX doesn't allow interfaces with the same security level to communicate; is there a way around this?
Question by:cruzer8504

Expert Comment

by:lrmoore
ID: 10759459
Let me see if I get this right:

<Outside
PIX Fw -- >DMZ<-->Router (192.168.191.3)
<Inside       \
                  Firewall (192.168.191.2)
                        \
                      host (172.16.3.22)

Close?

Author Comment

by:cruzer8504
ID: 10759655
Yes, that is correct

Accepted Solution

by:hawgpig (earned 300 total points)
ID: 10761938
cruzer,
You say you can ping but you can't connect. This is a good sign that there is an issue with the server or computer you are trying to telnet to.

Use a syslog server to find your problem.
Here is a down and dirty setup.
These links might help:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/syslog/pixemint.htm

This is freeware syslog server software. It is the second link down (3dv2r10.exe) at the first link:
http://www.ncat.co.uk/Download/
http://www.kiwisyslog.com

Syslog error messages:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/syslog/pixemsgs.htm


Here is the setup in a nutshell.
Install the syslog server software on an internal host.
Type the following at the console:
logging host inside 192.168.1.5   (the internal static IP address where you installed the syslog server software)
logging trap 7
logging on
write mem

Make sure you do a
no logging on   (turns off logging)
after testing, or do a
logging trap warnings   (lowers the logging level to 4)
or
logging trap notifications   (lowers the logging level to 5)
or turn off logging altogether with
no logging on
Don't forget a
write mem

When you get the syslog, look for a "build up" connection that is coming from your computer on the outside, then watch for the teardown that is associated with the connection number.

At the end of the teardown line there will be something that says RESET-I, Reset-O, SYN TIMEOUT, etc.
Let me know what you find.
Good luck


Expert Comment

by:hawgpig
ID: 10761948
If you don't see any "build ups", look for a DENY on the address that you are coming from.
Good luck.
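Added example, written by the editor and not part of any comment in this thread: a small Python script that does the correlation the two comments above describe. It reads a syslog capture, pairs each "Built" line with its "Teardown" by connection number for one client/server/port flow, reports the teardown reason, and lists any "Deny" line for the same flow (the case to look for when no build-up shows up at all). The sample log lines are constructed to follow the shape of the PIX 6.x 302013, 302014 and 106023 messages; the addresses are the ones from the question, while the interface name dmz, the access-group name dmz_in, the connection numbers and the last unrelated flow are made up. It assumes the telnet SYN actually crosses the PIX; if the two hosts exchange traffic on the DMZ segment without traversing it, nothing for that flow will appear in the syslog.

```python
import re

# Constructed sample syslog lines in the shape of the PIX 6.x messages
# 302013 (Built), 302014 (Teardown) and 106023 (Deny). Addresses are the ones
# from the question; the interface name "dmz", the access-group "dmz_in", the
# connection numbers and the last (unrelated) flow are made up.
SAMPLE_LOG = """\
Apr  5 10:01:02 pix %PIX-6-302013: Built inbound TCP connection 4711 for dmz:172.16.3.22/1034 (172.16.3.22/1034) to dmz:192.168.191.3/23 (192.168.191.3/23)
Apr  5 10:01:02 pix %PIX-6-302014: Teardown TCP connection 4711 for dmz:172.16.3.22/1034 to dmz:192.168.191.3/23 duration 0:00:00 bytes 0 TCP Reset-I
Apr  5 10:01:30 pix %PIX-6-302013: Built inbound TCP connection 4712 for dmz:172.16.3.22/1035 (172.16.3.22/1035) to dmz:192.168.191.3/23 (192.168.191.3/23)
Apr  5 10:02:01 pix %PIX-6-302014: Teardown TCP connection 4712 for dmz:172.16.3.22/1035 to dmz:192.168.191.3/23 duration 0:00:31 bytes 0 SYN Timeout
Apr  5 10:02:10 pix %PIX-4-106023: Deny tcp src dmz:172.16.3.22/1036 dst dmz:192.168.191.3/23 by access-group "dmz_in"
Apr  5 10:02:40 pix %PIX-6-302013: Built outbound TCP connection 4713 for outside:10.9.8.7/80 (10.9.8.7/80) to inside:192.168.1.5/1100 (192.168.1.5/1100)
"""

CONN_RE = re.compile(r"(Built|Teardown) (?:inbound |outbound )?TCP connection (\d+)")
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")
TEARDOWN_TAIL_RE = re.compile(r"duration (\S+) bytes (\d+)\s*(.*)$")
ACL_RE = re.compile(r'access-group "([^"]+)"')

# What the teardown reasons named in the answer mean, per the 302014 description.
REASON_HINTS = {
    "TCP Reset-I": "RST from the inside (higher-security) side: host reachable, service refused or closed",
    "TCP Reset-O": "RST from the outside (lower-security) side: host reachable, service refused or closed",
    "SYN Timeout": "no SYN/ACK within 30 s: the SYN was dropped or silently filtered beyond the PIX",
    "TCP FINs": "normal close by both sides",
}

def _client_port(line, client, server, port):
    """Return the client's source port if the line carries server/port as one
    endpoint and client as another, else None. Matching the ip/port pairs in any
    order keeps this independent of whether the message lists faddr/gaddr/laddr
    (PIX 6.2 and earlier) or interface:addr/port (6.3), and of which side the PIX
    prints first (it orders by security level, not by who sent the SYN)."""
    endpoints = ENDPOINT_RE.findall(line)
    if (server, str(port)) not in endpoints:
        return None
    for ip, p in endpoints:
        if ip == client:
            return int(p)
    return None

def trace_session(log_text, client, server, port=23):
    """Pair each Built line with its Teardown by connection number for one
    client -> server:port flow, and collect Deny lines for the same flow."""
    sessions = {}   # connection number -> details, in log order
    denies = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m and m.group(1) == "Built":
            sport = _client_port(line, client, server, port)
            if sport is not None:
                sessions[m.group(2)] = {"sport": sport, "bytes": None,
                                        "reason": "no Teardown seen", "hint": None}
        elif m and m.group(2) in sessions:
            tail = TEARDOWN_TAIL_RE.search(line)
            if tail:
                # PIX 6.2 wraps the reason in parentheses, 6.3 does not; accept both
                reason = tail.group(3).strip().strip("()").strip() or "unknown"
                sessions[m.group(2)].update(
                    bytes=int(tail.group(2)), reason=reason,
                    hint=REASON_HINTS.get(reason, "look the reason up in the 302014 message description"))
        elif "106023: Deny" in line:
            sport = _client_port(line, client, server, port)
            if sport is not None:
                acl = ACL_RE.search(line)
                denies.append({"sport": sport, "acl": acl.group(1) if acl else None})
    return sessions, denies

def diagnose(sessions, denies):
    """Reduce the correlated records to the one-line conclusion a troubleshooter wants."""
    if not sessions and not denies:
        return "no Built or Deny for this flow: the PIX never saw the SYN, so look at the path before it"
    if not sessions:
        return "no Built, only Deny: the PIX access-list is dropping the flow"
    reasons = {s["reason"] for s in sessions.values()}
    if reasons & {"TCP Reset-I", "TCP Reset-O"}:
        return "connection built, then reset by the far end: the PIX passed the SYN and the target refused the service"
    if "SYN Timeout" in reasons:
        return "connection built but no SYN/ACK came back: the SYN was dropped beyond the PIX or the reply never returned"
    return "connection built and closed normally: the session itself worked"

if __name__ == "__main__":
    sessions, denies = trace_session(SAMPLE_LOG, "172.16.3.22", "192.168.191.3", 23)
    for cid, rec in sessions.items():
        print(f"conn {cid} sport {rec['sport']}: {rec['reason']} -> {rec['hint']}")
    for dn in denies:
        print(f"DENY sport {dn['sport']} by access-group {dn['acl']}")
    print(diagnose(sessions, denies))
```

Run it against a file saved from the syslog server by replacing SAMPLE_LOG with the file contents; the client argument is whatever source address the PIX actually sees for 172.16.3.22 after any translation on the intermediate firewall, which is why the script takes it as a parameter rather than hard-coding it.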

Expert Comment

by:lrmoore
ID: 10807743
Are you still working on this? Do you need more information?