How do I configure pix DMZ for UDP port 5008

Posted on 2008-10-22
Last Modified: 2013-11-29
Hi there

I'm doing a DR test for a customer.

He has an SMTP server on the inside of the network, which I've translated fine to
The problem is the DMZ, where his VPN server sits; it utilises port 5008.
I can't get the server on the DMZ to see the local LAN. It's probably something simple (like me) hopefully.
Config below:
PIX Version 7.2(1)
!
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address ***********
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.63.254 255.255.255.0
!
interface Ethernet2
 speed 100
 duplex full
 nameif DMZ
 security-level 50
 ip address 192.168.71.254 255.255.255.0
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name ciscopix.com
access-list ouside-in extended permit tcp any host **.**.***.** eq smtp
access-list ouside-in extended permit tcp any host ********** eq https
access-list ouside-in extended permit udp any host ******** eq 5008
access-list dmz-int extended permit tcp any any
access-list dmz-int extended permit udp any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
no failover
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
static (DMZ,outside) ******** 192.168.71.1 netmask 255.255.255.255
static (inside,outside) ********* 192.168.63.180 netmask 255.255.255.255
static (inside,DMZ) 192.168.63.0 192.168.63.0 netmask 255.255.255.0
access-group ouside-in in interface outside
access-group dmz-int in interface DMZ
route outside 0.0.0.0 0.0.0.0 *********
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
: end
Question by:icmndr
Accepted Solution

by: Alan Huseyin Kayahan (earned 500 total points)
ID: 22784373
Hello icmndr,
   Try this
static (inside,DMZ) 192.168.71.1 192.168.71.1 netmask 255.255.255.255

Regards
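The thread turns on two PIX rules: a flow entering an interface must be permitted by the ACL bound inbound there, and a flow from a lower- to a higher-security interface (DMZ to inside here) needs the destination to be addressable from the ingress side, which the question's identity static (inside,DMZ) 192.168.63.0 provides. The checker below is an added example, not code from the thread or from Cisco: it parses security levels, access-lists, access-groups and statics from a config, evaluates a flow, and shows what happens when that identity static is missing. It also flags the "permit tcp/udp any any" entries on the DMZ ACL, which let the DMZ host reach every inside address and port rather than only the ones the VPN service needs. SAMPLE_CONFIG is a constructed, trimmed copy of the question's config with the redacted public addresses replaced by RFC 5737 placeholders (203.0.113.x is an assumption), and treating the static as required for lower-to-higher flows is an assumption of this toy, not a statement about nat-control behaviour on 7.2.

```python
"""Toy PIX flow checker (added example, not from the thread).

Assumptions: public addresses are RFC 5737 placeholders, and a lower- to
higher-security flow is treated as needing a static that covers the
destination from the ingress interface (nat-control itself is not modelled)."""
import ipaddress
import re

# Constructed, trimmed copy of the question's config with placeholders.
SAMPLE_CONFIG = """
interface Ethernet0
 nameif outside
 security-level 0
interface Ethernet1
 nameif inside
 security-level 100
interface Ethernet2
 nameif DMZ
 security-level 50
access-list ouside-in extended permit tcp any host 203.0.113.10 eq smtp
access-list ouside-in extended permit udp any host 203.0.113.11 eq 5008
access-list dmz-int extended permit tcp any any
access-list dmz-int extended permit udp any any
static (DMZ,outside) 203.0.113.11 192.168.71.1 netmask 255.255.255.255
static (inside,outside) 203.0.113.10 192.168.63.180 netmask 255.255.255.255
static (inside,DMZ) 192.168.63.0 192.168.63.0 netmask 255.255.255.0
access-group ouside-in in interface outside
access-group dmz-int in interface DMZ
"""

PORT_NAMES = {"smtp": 25, "https": 443}


def _port(tok):
    return PORT_NAMES.get(tok) or int(tok)


def _addr(tokens):
    """Consume one PIX address spec (any | host A | A MASK); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_config(text):
    """Pull security levels, ACEs, access-groups and statics out of a PIX config."""
    cfg = {"levels": {}, "acls": {}, "groups": {}, "statics": []}
    ifc = None
    for raw in text.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "nameif":
            ifc = t[1]
        elif t[0] == "security-level":
            cfg["levels"][ifc] = int(t[1])
        elif t[0] == "access-list" and t[2] == "extended":
            src, rest = _addr(t[5:])
            dst, rest = _addr(rest)
            port = _port(rest[1]) if rest[:1] == ["eq"] else None
            cfg["acls"].setdefault(t[1], []).append(
                {"action": t[3], "proto": t[4], "src": src, "dst": dst, "port": port})
        elif t[0] == "static":
            # static (real_ifc,mapped_ifc) mapped_ip real_ip netmask MASK
            real_ifc, mapped_ifc = re.match(r"\((\w+),(\w+)\)", t[1]).groups()
            mapped = ipaddress.ip_network(f"{t[2]}/{t[5]}", strict=False)
            cfg["statics"].append({"real_ifc": real_ifc, "mapped_ifc": mapped_ifc, "mapped": mapped})
        elif t[0] == "access-group":
            cfg["groups"][t[4]] = t[1]  # access-group NAME in interface IFC
    return cfg


def flow_allowed(cfg, ingress, egress, proto, src, dst, dport):
    """Return (allowed, reasons) for a packet entering `ingress` bound for `egress`."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    lvl, reasons = cfg["levels"], []
    acl = cfg["groups"].get(ingress)
    if acl is None:
        # No ACL bound: PIX lets higher-security traffic out and blocks the reverse.
        ok = lvl[ingress] > lvl[egress]
        reasons.append(f"no access-group on {ingress}: default {'permit' if ok else 'deny'}")
        if not ok:
            return False, reasons
    else:
        for ace in cfg["acls"].get(acl, []):
            if (ace["proto"] in (proto, "ip") and src_ip in ace["src"]
                    and dst_ip in ace["dst"] and ace["port"] in (None, dport)):
                reasons.append(f"{acl}: first match is {ace['action']} {ace['proto']}")
                if ace["action"] != "permit":
                    return False, reasons
                break
        else:
            reasons.append(f"{acl}: no match, implicit deny")
            return False, reasons
    if lvl[ingress] < lvl[egress]:
        # Lower- to higher-security: this toy requires a static (egress,ingress)
        # covering dst, as the question's identity static does for 192.168.63.0/24.
        covered = any(s["real_ifc"] == egress and s["mapped_ifc"] == ingress
                      and dst_ip in s["mapped"] for s in cfg["statics"])
        reasons.append(f"static ({egress},{ingress}) covering {dst}: {'yes' if covered else 'no'}")
        if not covered:
            return False, reasons
    return True, reasons


def permissive_aces(cfg):
    """List (acl, interface, proto) for permit entries with any source, any destination, any port."""
    found = []
    for ifc, acl in cfg["groups"].items():
        for ace in cfg["acls"].get(acl, []):
            if (ace["action"] == "permit" and ace["src"].prefixlen == 0
                    and ace["dst"].prefixlen == 0 and ace["port"] is None):
                found.append((acl, ifc, ace["proto"]))
    return found


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    print(flow_allowed(cfg, "DMZ", "inside", "udp", "192.168.71.1", "192.168.63.180", 5008))
    print(permissive_aces(cfg))
```

Running it as-is reports the DMZ-to-inside UDP/5008 flow as allowed (dmz-int permits it and the identity static covers 192.168.63.0/24); deleting the static (inside,DMZ) line from SAMPLE_CONFIG flips the result to denied with the reason "static (inside,DMZ) covering 192.168.63.180: no", which is the symptom the question describes. The permissive_aces output is the part worth acting on from a defender's side: replacing "permit udp any any" on dmz-int with a rule scoped to the DMZ host, the inside hosts it must reach and the ports it needs keeps a compromised DMZ box from having free run of the inside network.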