PIX allow traffic from DMZ to INSIDE

Posted on 2005-05-10
Last Modified: 2010-04-09

PIX 5.2 - Please give example using conduit, I know they should be acl but I'm more familiar with the old conduit commands

I would like to allow traffic from the DMZ 192.x.x.x (one specific machine/ip) to the INSIDE 10.x.x.x (all machines/ip) on one particular port.  We have a virus mgmt server on the DMZ that needs to communicate with workstations on the INSIDE.

Question by:timmae

    Expert Comment

    Hi there..
    To be able to communicate between systems on a lower security level (dmz) to a higher security level you need to make a static line first. In your case:

    static (inside,dmz) 192.x.x.x 10.x.x.x (just fill in the right names/addresses)

    Then you can config the conduit:

    conduit permit tcp 10.x.x.x eq [protocol] host 192.x.x.x

    just fill in the right data (tcp/udp, protocol, and hosts/netmasks)

    Hope this works.. otherwise I can explain the access-lists as well


    Author Comment


    I have entered the following commands:

    static (inside,dmz)
    conduit permit tcp eq 9999 host

    .31 is the server in the dmz
    when I try to telnet from the server (.31) to port 9999 I still cannot get through

    Author Comment

    Not sure if I explained correctly, but this is how I got it to work.

    static (inside,dmz) netmask 0 0
    Conduit permit tcp any eq 26017 host

    I needed the machine on the DMZ to get to the workstations on the inside with their 10.0.0.x address on port 26017.  So the static above worked, I'll just need one for each address.

    I don't think points are in order here.  I got more help from a previous post from lrmoore.  Maybe they should get the points.

    Accepted Solution

    PAQed with points (500) refunded

    Community Support Moderator
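
The access-list form of the working setup, which the question and the first reply both mention, as an added example that is not part of the original thread. The addresses (DMZ server 192.168.1.31, workstations 10.0.0.5 and 10.0.0.6, inside network 10.0.0.0/24) and the ACL name acl_dmz are constructed placeholders; lines starting with a colon are comments.

```text
: Identity statics: each inside workstation is reachable from the DMZ under
: its own 10.0.0.x address (one static per workstation, as in the thread).
static (inside,dmz) 10.0.0.5 10.0.0.5 netmask 255.255.255.255 0 0
static (inside,dmz) 10.0.0.6 10.0.0.6 netmask 255.255.255.255 0 0

: Permit only the DMZ management server to reach the workstations on TCP 26017.
access-list acl_dmz permit tcp host 192.168.1.31 10.0.0.0 255.255.255.0 eq 26017

: Block everything else from the DMZ toward the inside network.
access-list acl_dmz deny ip any 10.0.0.0 255.255.255.0

: Assumption: DMZ hosts should keep their existing access toward the outside
: interface. Without this line the implicit deny that ends every ACL would
: cut that traffic off once the ACL is bound to the interface.
access-list acl_dmz permit ip any any

: Bind the ACL to traffic entering the firewall on the DMZ interface.
access-group acl_dmz in interface dmz
```

Because the source is pinned to the one DMZ server and the second entry denies all other DMZ traffic toward 10.0.0.0/24, adding further statics later does not widen what the rest of the DMZ can reach.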
