static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
Gaz ""Ali, Abbas"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have just installed a PIX firewall with three interfaces. The Inside > network is 192.168.1.0 and the DMZ network is 192.168.2.0. > > There are a few webservers on a dmz network that need to have an access to > all the servers on the inside network. Technically I am going to have to > statically map each server on the inside netowork to an unused address on > the dmz network and then open the conduit permission. > > For example, I have a NT server running on 192.168.1.12. In order for > webserver to connect to this box I will have to to > > Static(inside, dmz) 192.168.2.12 192.168.1.12 netmask 255.255.255.255 > conduit permit tcp host 192.168.2.12 host any or 192.168.1.12. > > I will be very tedious and I will waste so many address on a dmz network > in an order to create mapping entry for all the servers on inside network. > > > Is there any smaller way of doing it? Can I map the whole dmz network to > inside network instead of mapping each unused address to inside address? > > Abbas Ali, AVVID, CCDP, CCNP, MCSE > Network Engineer II > NextiraOne, LLC > Tel: 714.428.3367 > Pager: 714.748.4817 > Email: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37895&t=37893 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]