Re: Cisco PIX

Tue, 06 Jun 2000 01:47:34 -0700 

Hi Rob,

if I understand you correctly, you have the following setup:

Outside PIX IP:  aaa.aaa.aaa.98
Inside: 192.168.5.1
DMZ: aaa.aaa.aaa.100   
You have a webserver 192.168.5.5 in the DMZ net that you
want to translate to aaa.aaa.aaa.100

I dont believe that this configuration will work. You must not
assign your DMZ a address you want to do a static translation to.
You rather should give it a IP-Adress out of the DMZ net. I would
give it for instance a 192.168.6.1 and the webserver a 192.168.6.5
as you will have to give it an other IP-Address than your inside net.
After that you ll simply have to activate the following static:
static (dmz1,outside) aaa.aaa.aaa.100 192.168.6.5 netmask 255.255.255.255

This should work perfectly....

Best regards
Sascha Weigelmann

--------------------------------------------------------------------------------
Sascha Weigelmann                Email: [EMAIL PROTECTED] 
                                                 Tel.: +49 6172-288-383
                                                 Mobil 0170-5778857
                                                 Fax: +49 6172-288-402
     
ADS System AG                       http://www.ads.de 
Siemensstr. 25a
D-61352 Bad Homburg
     
                   The Network Service Company
--------------------------------------------------------------------------------


>>> "Rob Serfozo" <[EMAIL PROTECTED]> 05.06.2000  19.36 Uhr >>>
Having just installed a new Pix 515, I am trying to get the setup correct
for our system.  Obviously we want to protect our internal network, our only
outside system at this time will be one Web Server on a DMZ(dmz1).  I have
the following setup now.

outside address aaa.aaa.aaa.98
inside address 192.168.5.1

I am using NAT to translate our internal address to the group that we have
been assigned by our ISP   (aaa.aaa.aaa.aaa)

All at this point seems operational.  Now I need to set up our webserver and
DMZ.

I have assigned ether2, the first in a 4 port card, as DMZ1 with
aaa.aaa.aaa.100

Now I am trying to use the following commands.

static (dmz1,outside) aaa.aaa.aaa.100 192.168.5.5 netmask 255.255.255.255

This returns the following
>>>>invalid global IP address (dmz1,outside)

The show IP lists the dmz1 as the aaa.aaa.aaa.100 address.

Any help.

Thanks,
Rob Serfozo
Kennedy Space Center FCU

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to