Solved

How do I configure PIX DMZ for UDP port 5008

Posted on 2008-10-22
Last Modified: 2013-11-29
Hi there,
I'm doing a DR test for a customer.

He has an SMTP server on the inside of the network, which I've translated fine to
The problem is the DMZ, where his VPN server sits; it utilises port 5008.
I can't get the server on the DMZ to see the local LAN. It's probably something simple (like me), hopefully.
Config below:
PIX Version 7.2(1)
!
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address ***********
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.63.254 255.255.255.0
!
interface Ethernet2
 speed 100
 duplex full
 nameif DMZ
 security-level 50
 ip address 192.168.71.254 255.255.255.0
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name ciscopix.com
access-list ouside-in extended permit tcp any host **.**.***.** eq smtp
access-list ouside-in extended permit tcp any host ********** eq https
access-list ouside-in extended permit udp any host ******** eq 5008
access-list dmz-int extended permit tcp any any
access-list dmz-int extended permit udp any any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
no failover
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 101 0.0.0.0 0.0.0.0
static (DMZ,outside) ******** 192.168.71.1 netmask 255.255.255.255
static (inside,outside) ********* 192.168.63.180 netmask 255.255.255.255
static (inside,DMZ) 192.168.63.0 192.168.63.0 netmask 255.255.255.0
access-group ouside-in in interface outside
access-group dmz-int in interface DMZ
route outside 0.0.0.0 0.0.0.0 *********
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
: end


Question by:icmndr

Accepted Solution

by:
Alan Huseyin Kayahan earned 500 total points
ID: 22784373
Hello icmndr,
   Try this
static (inside,DMZ) 192.168.71.1 192.168.71.1 netmask 255.255.255.255

Regards
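
An added example, not part of the original thread and not Cisco tooling: a small Python check run over the interface, access-list, static and access-group lines of the configuration posted in the question. It reports each "permit <proto> any any" entry in an ACL bound inbound on an interface that also has a static exposing a higher-security network, which is what dmz-int plus the static (inside,DMZ) line amount to here. The function name audit and the trimmed CONFIG sample are assumptions made for this example.

```python
import re

# Constructed sample: lines copied from the configuration posted in the
# question, trimmed to what the check needs (masked addresses left out).
CONFIG = """\
interface Ethernet1
 nameif inside
 security-level 100
interface Ethernet2
 nameif DMZ
 security-level 50
access-list dmz-int extended permit tcp any any
access-list dmz-int extended permit udp any any
static (inside,DMZ) 192.168.63.0 192.168.63.0 netmask 255.255.255.0
access-group dmz-int in interface DMZ
"""

def audit(config):
    """Return (iface, acl, proto, exposed_iface, exposed_net) for every
    'permit <proto> any any' reaching a higher-security network via a static."""
    levels, acls, statics, bindings = {}, {}, [], []
    name = None
    for line in config.splitlines():
        tok = line.split() or [""]
        if tok[0] == "interface":
            name = None                      # new interface block starts
        elif tok[0] == "nameif":
            name = tok[1]
        elif tok[0] == "security-level" and name:
            levels[name] = int(tok[1])
        elif (tok[0] == "access-list" and tok[2:4] == ["extended", "permit"]
              and tok[5:7] == ["any", "any"]):
            acls.setdefault(tok[1], []).append(tok[4])
        elif tok[0] == "static":
            # static (real_if,mapped_if) mapped_ip real_ip netmask mask
            m = re.match(r"\((\w+),(\w+)\)", tok[1])
            if m:
                statics.append((m.group(1), m.group(2), tok[3]))
        elif tok[0] == "access-group" and tok[2] == "in":
            bindings.append((tok[1], tok[4]))
    findings = []
    for acl, iface in bindings:
        for real_if, mapped_if, real_net in statics:
            if mapped_if == iface and levels.get(real_if, 0) > levels.get(iface, 0):
                for proto in acls.get(acl, []):
                    findings.append((iface, acl, proto, real_if, real_net))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print("any-any permit reaches higher-security network:", finding)
```
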