How do I configure pix DMZ for UDP port 5008

Hi there
I'm doing a DR test for a customer

he has SMTP server on the inside of the network, which I've translated fine to
the problme is the DMZ, where his VPN server sits, it utilises port 5008.
I cant get the server on the DMZ to see the local lan, it's probably something simple (like me) hopefully
config below
PIX Version 7.2(1)

!




names

!

interface Ethernet0

 nameif outside

 security-level 0

 ip address ***********

!

interface Ethernet1

 nameif inside

 security-level 100

 ip address 192.168.63.254 255.255.255.0

!

interface Ethernet2

 speed 100

 duplex full

 nameif DMZ

 security-level 50

 ip address 192.168.71.254 255.255.255.0

<--- More --->
             
!

interface Ethernet3

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet4

 shutdown

 no nameif

 no security-level

 no ip address

!

interface Ethernet5

 shutdown

 no nameif

 no security-level

 no ip address

!

passwd 2KFQnbNIdI.2KYOU encrypted

ftp mode passive

dns server-group DefaultDNS

 domain-name ciscopix.com

access-list ouside-in extended permit tcp any host **.**.***.** eq smtp

<--- More --->
             
access-list ouside-in extended permit tcp any host ********** eq https

access-list ouside-in extended permit udp any host ******** eq 5008

access-list dmz-int extended permit tcp any any

access-list dmz-int extended permit udp any any

pager lines 24

mtu outside 1500

mtu inside 1500

mtu DMZ 1500

no failover

no asdm history enable

arp timeout 14400

global (outside) 101 interface

nat (inside) 101 0.0.0.0 0.0.0.0

static (DMZ,outside) ******** 192.168.71.1 netmask 255.255.255.255

static (inside,outside) ********* 192.168.63.180 netmask 255.255.255.255

static (inside,DMZ) 192.168.63.0 192.168.63.0 netmask 255.255.255.0

access-group ouside-in in interface outside

access-group dmz-int in interface DMZ

route outside 0.0.0.0 0.0.0.0 *********


!

policy-map type inspect dns preset_dns_map

 parameters

  message-length maximum 512

policy-map global_policy

 class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

<--- More --->
             
  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

!

service-policy global_policy global

prompt hostname context



: end


icmndrAsked:
Who is Participating?
 
Alan Huseyin KayahanConnect With a Mentor Commented:
Hello icmndr,
   Try this
static (inside,DMZ) 192.168.71.1 192.168.71.1 netmask 255.255.255.255

Regards
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.