
PIX allow traffic from DMZ to INSIDE


PIX 5.2 - Please give an example using conduit. I know they should be ACLs, but I'm more familiar with the old conduit commands.

I would like to allow traffic from the DMZ 192.x.x.x (one specific machine/IP) to the INSIDE 10.x.x.x (all machines/IPs) on one particular port. We have a virus mgmt server on the DMZ that needs to communicate with workstations on the INSIDE.

Asked:
timmae
 
PatrickKoks Commented:
Hi there..
To be able to communicate between systems on a lower security level (dmz) to a higher security level you need to make a static line first. In your case:

static (inside,dmz) 192.x.x.x 10.x.x.x (just fill in the right names/addresses)

Then you can configure the conduit:

conduit permit tcp 10.x.x.x 255.0.0.0 eq [protocol] host 192.x.x.x

Just fill in the right data (tcp/udp, protocol, and hosts/netmasks).

Hope this works.. otherwise I can explain the access-lists as well

Patrick
 
timmae (Author) Commented:

I have entered the following commands:

static (inside,dmz) 192.168.0.31 10.0.0.31
conduit permit tcp 10.0.0.0 255.0.0.0 eq 9999 host 192.168.0.31

.31 is the server in the DMZ.
When I try to telnet from the server (.31) to 10.0.0.14 port 9999, I still cannot get through.
 
 
timmae (Author) Commented:
Not sure if I explained correctly, but this is how I got it to work.

static (inside,dmz) 10.0.0.12 10.0.0.12 netmask 255.255.255.255 0 0
conduit permit tcp any eq 26017 host 192.168.0.31

I needed the machine on the DMZ 192.168.0.31 to get to the workstations on the inside with their 10.0.0.x address on port 26017. So the static above worked, I'll just need one for each address.

I don't think points are in order here.  I got more help from a previous post from lrmoore.  Maybe they should get the points.

 
DarthMod Commented:
PAQed with points (500) refunded

DarthMod
Community Support Moderator
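
The question notes that these rules "should be acl", and the working fix needs one static per inside address. As an added example (not from any post in this thread), here is the same DMZ-to-inside permit written with access-list and access-group plus a single network static; the ACL name dmz_in and the 255.255.255.0 mask (read from "10.0.0.x") are assumptions.

```text
! Added example, not from the thread.
! Assumed: ACL name dmz_in, inside subnet 10.0.0.0 255.255.255.0.

! Identity static for the whole inside subnet, instead of one
! static per workstation.
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 0 0

! Only the DMZ server may open TCP 26017 to the inside workstations.
! Unlike "conduit permit tcp any ...", the destination is limited to
! the inside subnet rather than every static on the firewall.
access-list dmz_in permit tcp host 192.168.0.31 10.0.0.0 255.255.255.0 eq 26017

! Bind the list to traffic arriving on the dmz interface.
access-group dmz_in in interface dmz
```

Once a list is bound to the dmz interface, anything from the DMZ that it does not permit is dropped by the implicit deny, including DMZ-to-outside traffic that was allowed by default, so add permits for that traffic before applying it.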