
PIX allow traffic from DMZ to INSIDE

PIX 5.2 - Please give an example using conduit. I know they should be ACLs, but I'm more familiar with the old conduit commands.

I would like to allow traffic from the DMZ 192.x.x.x (one specific machine/ip) to the INSIDE 10.x.x.x (all machines/ip) on one particular port.  We have a virus mgmt server on the DMZ that needs to communicate with workstations on the INSIDE.

1 Solution
Hi there..
To be able to communicate from systems on a lower security level (dmz) to a higher security level you need to make a static line first. In your case:

static (inside,dmz) 192.x.x.x 10.x.x.x (just fill in the right names/addresses)

Then you can configure the conduit:

conduit permit tcp 10.x.x.x eq [protocol] host 192.x.x.x

Just fill in the right data (tcp/udp, protocol, and hosts/netmasks).

Hope this works.. otherwise I can explain the access-lists as well
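To check that a conduit opens only the one DMZ host to the inside hosts on the one port (and nothing more), here is a small evaluator for the PIX 5.x conduit syntax used in this thread. It is an added example, not configuration from the post; it assumes the static already maps the inside addresses into the DMZ unchanged, handles only the permit/deny, any, host, addr-mask and eq forms, and uses constructed addresses (192.168.1.31 for the DMZ server, 10.0.0.0/24 for the inside).

```python
import ipaddress

# Added example (not from the original post). Models PIX 5.x "conduit" lines:
#   conduit permit|deny proto GLOBAL_ADDR [eq PORT] FOREIGN_ADDR [eq PORT]
# GLOBAL_ADDR is the inside (destination) side of an inbound flow, FOREIGN_ADDR
# the DMZ (source) side. Assumption: the static maps inside addresses unchanged.

def _parse_addr(tokens, i):
    """Return (network, next_index) for 'any', 'host A.B.C.D' or 'A.B.C.D M.M.M.M'."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def _parse_port(tokens, i):
    """Optional 'eq N' operator; returns (port_or_None, next_index)."""
    if i < len(tokens) and tokens[i] == "eq":
        return int(tokens[i + 1]), i + 2
    return None, i

def parse_conduit(line):
    """Parse one conduit line into a rule dict (dst = global side, src = foreign side)."""
    t = line.split()
    if t[0] != "conduit" or t[1] not in ("permit", "deny"):
        raise ValueError("not a conduit permit/deny line: " + line)
    dst, i = _parse_addr(t, 3)        # inside/global side = destination of the inbound flow
    dport, i = _parse_port(t, i)      # destination port
    src, i = _parse_addr(t, i)        # DMZ/foreign side = source of the inbound flow
    sport, i = _parse_port(t, i)      # source port (rarely set)
    return {"action": t[1], "proto": t[2], "dst": dst, "dport": dport, "src": src, "sport": sport}

def flow_permitted(conduits, proto, src, sport, dst, dport):
    """First matching conduit decides; with no match the lower-security side stays blocked."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for c in conduits:
        if c["proto"] not in (proto, "ip"):
            continue
        if s not in c["src"] or d not in c["dst"]:
            continue
        if c["dport"] is not None and c["dport"] != dport:
            continue
        if c["sport"] is not None and c["sport"] != sport:
            continue
        return c["action"] == "permit"
    return False

# Constructed rule set modelled on the thread: one DMZ host to every inside host on TCP 26017.
CONDUITS = [parse_conduit("conduit permit tcp 10.0.0.0 255.255.255.0 eq 26017 host 192.168.1.31")]
```

Running `flow_permitted(CONDUITS, "tcp", "192.168.1.32", 40000, "10.0.0.5", 26017)` returns False, which is the check worth making: a second DMZ host gets nothing from this conduit, and neither does the server on any other port or protocol.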

timmae (Author) commented:

I have entered the following commands:

static (inside,dmz)
conduit permit tcp eq 9999 host

.31 is the server in the DMZ.
When I try to telnet from the server (.31) to port 9999, I still cannot get through.

timmae (Author) commented:
Not sure if I explained correctly, but this is how I got it to work.

static (inside,dmz) netmask 0 0
conduit permit tcp any eq 26017 host

I needed the machine on the DMZ to get to the workstations on the inside with their 10.0.0.x address on port 26017.  So the static above worked, I'll just need one for each address.

I don't think points are in order here.  I got more help from a previous post from lrmoore.  Maybe they should get the points.

PAQed with points (500) refunded

Community Support Moderator
