PIX allow traffic from DMZ to INSIDE

PIX 5.2 - Please give example using conduit, I know they should be acl but I'm more familiar with the old conduit commands

I would like to allow traffic from the DMZ 192.x.x.x (one specific machine/ip) to the INSIDE 10.x.x.x (all machines/ip) on one particular port.  We have a virus mgmt server on the DMZ that needs to communicate with workstations on the INSIDE.

DarthMod Commented:
PAQed with points (500) refunded

Community Support Moderator
Hi there..
To be able to communicate between systems on a lower security level (dmz) to a higher security level you need to make a static line first. In your case:

static (inside,dmz) 192.x.x.x 10.x.x.x (just fill in the right names/addresses)

Then you can configure the conduit:

conduit permit tcp 10.x.x.x eq [protocol] host 192.x.x.x

just fill in the right data (tcp/udp, protocol, and hosts/netmasks)

Hope this works.. otherwise I can explain the access-lists as well

timmaeAuthor Commented:

I have entered the following commands:

static (inside,dmz)
conduit permit tcp eq 9999 host

.31 is the server in the dmz
When I try to telnet from the server (.31) to port 9999 I still cannot get through.

timmaeAuthor Commented:
Not sure if I explained correctly, but this is how I got it to work.

static (inside,dmz) netmask 0 0
Conduit permit tcp any eq 26017 host

I needed the machine on the DMZ to get to the workstations on the inside with their 10.0.0.x address on port 26017.  So the static above worked, I'll just need one for each address.

I don't think points are in order here.  I got more help from a previous post from lrmoore.  Maybe they should get the points.
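
The working approach from the thread, written out as an added example (not posted by anyone in the thread), in both conduit and access-list form. The addresses 192.168.50.31 and 10.0.0.0/24 are constructed stand-ins for the elided ones, dmz_in is a hypothetical ACL name, and lines starting with ":" are annotations rather than commands.

```cisco
: Constructed addresses: DMZ server 192.168.50.31, inside workstations 10.0.0.0/24.
:
: Identity net static: the inside subnet is reachable from the dmz under its
: own 10.0.0.x addresses, so one line replaces a static per workstation.
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 0 0
:
: Option A, conduit: destination (global) address and port first, then the
: permitted source (foreign) address. Scoped to one source host and one port.
conduit permit tcp 10.0.0.0 255.255.255.0 eq 26017 host 192.168.50.31
:
: Option B, access-list: source first, then destination and port, bound
: inbound on the dmz interface. Use this instead of the conduit, not with it.
access-list dmz_in permit tcp host 192.168.50.31 10.0.0.0 255.255.255.0 eq 26017
access-group dmz_in in interface dmz
:
: After adding or changing a static, flush existing translations.
clear xlate
:
: Verify what is actually loaded.
show static
show conduit
show access-list
```

An access-list bound to the dmz interface ends in an implicit deny, so any other traffic the DMZ hosts originate needs its own permit line once Option B is applied.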

Question has a verified solution.
