Solved

How do I configure PIX DMZ for UDP port 5008?

Posted on 2008-10-22
Last Modified: 2013-11-29
Hi there
I'm doing a DR test for a customer

He has an SMTP server on the inside of the network, which I've translated fine to
The problem is the DMZ, where his VPN server sits; it utilises port 5008.
I can't get the server on the DMZ to see the local LAN. It's probably something simple (like me), hopefully.
Config below:
PIX Version 7.2(1)
!
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address ***********
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.63.254 255.255.255.0
!
interface Ethernet2
 speed 100
 duplex full
 nameif DMZ
 security-level 50
 ip address 192.168.71.254 255.255.255.0
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name ciscopix.com
access-list ouside-in extended permit tcp any host **.**.***.** eq smtp
access-list ouside-in extended permit tcp any host ********** eq https
access-list ouside-in extended permit udp any host ******** eq 5008
access-list dmz-int extended permit tcp any any
access-list dmz-int extended permit udp any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
no failover
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
static (DMZ,outside) ******** 192.168.71.1 netmask 255.255.255.255
static (inside,outside) ********* 192.168.63.180 netmask 255.255.255.255
static (inside,DMZ) 192.168.63.0 192.168.63.0 netmask 255.255.255.0
access-group ouside-in in interface outside
access-group dmz-int in interface DMZ
route outside 0.0.0.0 0.0.0.0 *********
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
: end


Question by:icmndr
Accepted Solution

by:
Alan Huseyin Kayahan earned 500 total points
ID: 22784373
Hello icmndr,
   Try this
static (inside,DMZ) 192.168.71.1 192.168.71.1 netmask 255.255.255.255

Regards
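
An added example, not part of either post above: in the posted configuration the dmz-int ACL permits all TCP and UDP from any source, and the identity static (inside,DMZ) covers the whole 192.168.63.0/24 inside network, so every inside host is reachable from the DMZ on every TCP and UDP port. The Python sketch below flags that combination in a PIX 7.x style configuration; the function names and the 203.0.113.10 address are assumptions made for the example.

```python
import ipaddress

# Constructed excerpt of the posted config; 203.0.113.10 replaces the masked address.
SAMPLE_CONFIG = """\
interface Ethernet1
 nameif inside
 security-level 100
interface Ethernet2
 nameif DMZ
 security-level 50
access-list ouside-in extended permit udp any host 203.0.113.10 eq 5008
access-list dmz-int extended permit tcp any any
access-list dmz-int extended permit udp any any
static (inside,DMZ) 192.168.63.0 192.168.63.0 netmask 255.255.255.0
access-group ouside-in in interface outside
access-group dmz-int in interface DMZ
"""

def parse(config):
    """Collect security levels, extended ACL rules, inbound bindings, statics."""
    levels, acls, bindings, statics, nameif = {}, {}, {}, [], None
    for tok in filter(None, map(str.split, config.splitlines())):
        if tok[0] == "interface":
            nameif = None  # a new interface block starts; its name follows
        elif tok[0] == "nameif":
            nameif = tok[1]
        elif tok[0] == "security-level" and nameif:
            levels[nameif] = int(tok[1])
        elif tok[0] == "access-list" and tok[2:3] == ["extended"]:
            acls.setdefault(tok[1], []).append(tok[3:])  # [action, proto, src..., dst...]
        elif tok[0] == "access-group" and len(tok) == 5 and tok[2] == "in":
            bindings[tok[4]] = tok[1]  # interface name -> ACL name
        elif tok[0] == "static" and len(tok) >= 6 and tok[4] == "netmask":
            real_if, mapped_if = tok[1].strip("()").split(",")
            net = ipaddress.ip_network(f"{tok[3]}/{tok[5]}", strict=False)
            statics.append((real_if, mapped_if, str(net)))
    return levels, acls, bindings, statics

def audit(config):
    """Flag permit any/any rules on interfaces a static exposes a higher-security net to."""
    levels, acls, bindings, statics = parse(config)
    findings = []
    for ifname, acl in bindings.items():
        for rule in acls.get(acl, []):
            if rule[:1] == ["permit"] and rule[2:] == ["any", "any"]:
                for real_if, mapped_if, net in statics:
                    if mapped_if == ifname and levels.get(real_if, 0) > levels.get(ifname, 0):
                        findings.append((acl, ifname, rule[1], real_if, net))
    return findings
```

Each finding is a tuple of ACL name, interface, protocol, exposed interface and exposed network; an ACL limited to the specific hosts and ports the DMZ server needs produces no findings.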