Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 552
  • Last Modified:

pix , config dmz webserver to talk inside dns server

I'm new to pix and I need my DMZ webserver to talk to my internal dns server. Do I need to create static entry or just
acl. Can you please give example. Thanks
0
rxn6057
Asked:
rxn6057
  • 2
1 Solution
 
lrmooreCommented:
You have to do both:
Example:

ip address inside 192.168.123.1 255.255.255.0
ip address DMZ 192.168.124.1 255.255.255.0
name DNSSERVER 192.168.123.123
name WEBSERVER 192.168.124.24

access-list DMZ permit udp host 192.168.124.24 host 192.168.123.123 eq 53
access-list DMZ deny ip host 192.168.124.24 192.168.123.0 255.255.255.0
access-list DMZ permit ip host 192.168.124.24 any
static (inside,DMZ) 192.168.123.123 192.168.123.123 netmask 255.255.255.255
access-group DMZ in interface DMZ


0
 
rxn6057Author Commented:
Irmoore,
So, when traffic is going from low to high I will always need a static and acl entry. Is this correct?
0
 
lrmooreCommented:
Correct. Unless you upgrade to the new 7.x version (only for 515 and higher)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now