Solved

How do I configure pix DMZ for UDP port 5008

Posted on 2008-10-22
Last Modified: 2013-11-29
Hi there
I'm doing a DR test for a customer

He has an SMTP server on the inside of the network, which I've translated fine to
The problem is the DMZ, where his VPN server sits; it utilises port 5008.
I can't get the server on the DMZ to see the local LAN, it's probably something simple (like me) hopefully
config below
PIX Version 7.2(1)
!
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address ***********
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.63.254 255.255.255.0
!
interface Ethernet2
 speed 100
 duplex full
 nameif DMZ
 security-level 50
 ip address 192.168.71.254 255.255.255.0
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name ciscopix.com
access-list ouside-in extended permit tcp any host **.**.***.** eq smtp
access-list ouside-in extended permit tcp any host ********** eq https
access-list ouside-in extended permit udp any host ******** eq 5008
access-list dmz-int extended permit tcp any any
access-list dmz-int extended permit udp any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
no failover
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
static (DMZ,outside) ******** 192.168.71.1 netmask 255.255.255.255
static (inside,outside) ********* 192.168.63.180 netmask 255.255.255.255
static (inside,DMZ) 192.168.63.0 192.168.63.0 netmask 255.255.255.0
access-group ouside-in in interface outside
access-group dmz-int in interface DMZ
route outside 0.0.0.0 0.0.0.0 *********
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
: end


Question by:icmndr
Accepted Solution by: Alan Huseyin Kayahan (earned 500 total points)
ID: 22784373
Hello icmndr,
Try this:
static (inside,DMZ) 192.168.71.1 192.168.71.1 netmask 255.255.255.255

Regards
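
An added example, not part of the original thread: a Python check that reads lines copied from the configuration posted in the question and reports inbound ACLs that permit any-to-any traffic, together with the higher-security networks a `static` makes reachable from that interface. The function name `audit` and the tuple layout of its findings are assumptions of this example.

```python
import re

# Lines copied from the configuration posted in the question (masked values kept as posted).
CONFIG = """\
interface Ethernet0
 nameif outside
 security-level 0
interface Ethernet1
 nameif inside
 security-level 100
interface Ethernet2
 nameif DMZ
 security-level 50
access-list ouside-in extended permit udp any host ******** eq 5008
access-list dmz-int extended permit tcp any any
access-list dmz-int extended permit udp any any
static (inside,DMZ) 192.168.63.0 192.168.63.0 netmask 255.255.255.0
access-group ouside-in in interface outside
access-group dmz-int in interface DMZ
"""

def audit(config):
    """Return (iface, level, acl, proto, exposed_networks) for each bound 'permit <proto> any any'."""
    levels, rules, bound, statics, name = {}, {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = None  # new interface block; "no nameif" leaves it unnamed
        elif m := re.match(r"nameif (\S+)$", line):
            name = m.group(1)
        elif (m := re.match(r"security-level (\d+)$", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) extended permit (\S+) any any$", line):
            rules.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"access-group (\S+) in interface (\S+)$", line):
            bound[m.group(2)] = m.group(1)
        elif m := re.match(r"static \((\S+),(\S+)\) \S+ (\S+) netmask (\S+)$", line):
            statics.append((m.group(1), m.group(2), f"{m.group(3)} {m.group(4)}"))
    findings = []
    for iface, acl in bound.items():
        # Real networks on a higher-security interface that a static maps onto this one.
        exposed = [net for real, mapped, net in statics
                   if mapped == iface and levels.get(real, 0) > levels.get(iface, 0)]
        for proto in rules.get(acl, []):
            findings.append((iface, levels.get(iface), acl, proto, exposed))
    return findings

if __name__ == "__main__":
    for f in audit(CONFIG):
        print("%s (level %s) acl %s: permit %s any any, reachable: %s" % f)
```

On the posted configuration this flags both `dmz-int` entries on the DMZ interface with 192.168.63.0 255.255.255.0 reachable, while the host- and port-specific `ouside-in` entry is not reported.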