Solved

pix , config dmz webserver to talk inside dns server

Posted on 2006-06-17
3
520 Views
Last Modified: 2010-04-09
I'm new to pix and I need my DMZ webserver to talk to my internal dns server. Do I need to create static entry or just
acl. Can you please give example. Thanks
0
Comment
Question by:rxn6057
  • 2
3 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
Comment Utility
You have to do both:
Example:

ip address inside 192.168.123.1 255.255.255.0
ip address DMZ 192.168.124.1 255.255.255.0
name DNSSERVER 192.168.123.123
name WEBSERVER 192.168.124.24

access-list DMZ permit udp host 192.168.124.24 host 192.168.123.123 eq 53
access-list DMZ deny ip host 192.168.124.24 192.168.123.0 255.255.255.0
access-list DMZ permit ip host 192.168.124.24 any
static (inside,DMZ) 192.168.123.123 192.168.123.123 netmask 255.255.255.255
access-group DMZ in interface DMZ


0
 

Author Comment

by:rxn6057
Comment Utility
Irmoore,
So, when traffic is going from low to high I will always need a static and acl entry. Is this correct?
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Correct. Unless you upgrade to the new 7.x version (only for 515 and higher)
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now