nabeel92
dmz and lan communication on pix
Hi there,
I've configured a few static commands for communication between devices on a DMZ interface and the inside interface of a PIX. Lately, I've been experiencing ping timeouts at regular intervals and am just wondering what the reason for that would be. Applications running on those devices are under severe load. I am just wondering if the static commands given below have anything to do with that. What other things can possibly cause this? Given below are the static commands I've configured.
203.x.x.x is the public IP on the DMZ servers; 172.x.x.x is the WAN links; 10.0.0.0 is the LAN servers' IP range, which are connected to the inside interface of the PIX (through a router and then a switch)
static (dmz,outside) 203.38.180.192 203.38.180.192 netmask 255.255.255.224
static (inside,dmz) 172.0.0.0 172.0.0.0 netmask 255.0.0.0
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (dmz) 1 interface
Anything wrong in the way I've set up the communication between dmz servers and lan servers using the above commands ???
ASKER
yep...
But I just want to confirm whether those two static commands I've given for dmz<->inside host communication and vice versa are correct, and whether that's the way communication is managed between both sides in real networks, i.e. between DMZ and LAN?
Yes, those static commands are the preferred way to handle traffic between DMZ and LAN, especially if there is ever any traffic originating on the DMZ pushing to an internal host (i.e. email relay, web server to SQL backend, SNMP traps to NMS, etc).
ASKER
Exactly !
Btw, can you recommend duplex and speed settings between the PIX and the switch interface? I think it may be the duplex and speed settings that are causing this issue. Do I need to set them explicitly on the PIX, and would it detect them itself from the switch (full duplex/speed 100)?
ASKER
So I go to the PIX interface
speed 100
duplex full
and same on the switch ???
Yes
>applications running on those devices are under severe load
When a system is under severe load, processing ICMP is lowest priority and often results in timeouts
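Added example, not part of the original thread: a short Python sketch that parses the static lines from the question and resolves a destination address seen on the mapped interface back to the real host, which makes the `(real_if,mapped_if) mapped real` argument order and the identity mappings visible. The function names are hypothetical, the host addresses in the demo are constructed, and the lookup is a simplified model of static translation, not PIX code.

```python
import ipaddress
import re

# The static lines from the question (first netmask rejoined onto one line).
CONFIG = """\
static (dmz,outside) 203.38.180.192 203.38.180.192 netmask 255.255.255.224
static (inside,dmz) 172.0.0.0 172.0.0.0 netmask 255.0.0.0
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
"""

# PIX argument order: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$")


def parse_statics(text):
    """Parse static lines; raise ValueError if an address has host bits set."""
    statics = []
    for line in text.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # nat/global and other lines are out of scope here
        real_if, mapped_if, mapped, real, mask = m.groups()
        mapped_net = ipaddress.ip_network(f"{mapped}/{mask}")  # strict by default
        real_net = ipaddress.ip_network(f"{real}/{mask}")
        statics.append({
            "real_if": real_if, "mapped_if": mapped_if,
            "mapped": mapped_net, "real": real_net,
            "identity": mapped_net == real_net,  # address is not rewritten
        })
    return statics


def resolve(statics, ingress_if, dst_ip):
    """Return (real_if, real_ip) for a destination seen on ingress_if, else None."""
    dst = ipaddress.ip_address(dst_ip)
    for s in statics:
        if s["mapped_if"] == ingress_if and dst in s["mapped"]:
            offset = int(dst) - int(s["mapped"].network_address)
            return s["real_if"], str(s["real"].network_address + offset)
    return None  # no static covers this destination on that interface


if __name__ == "__main__":
    rules = parse_statics(CONFIG)
    for r in rules:
        print(r["real_if"], "->", r["mapped_if"], r["real"], "identity:", r["identity"])
    print(resolve(rules, "dmz", "10.1.2.3"))            # constructed host address
    print(resolve(rules, "outside", "203.38.180.224"))  # constructed, outside the /27
```

A static only defines the address mapping; whether the PIX permits a DMZ-to-inside flow is decided separately by its access rules.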