Re: pix dmz configuration

Fri, 20 Apr 2001 11:56:45 -0700 

the statement allowing icmp in the config is 

conduit permit icmp any any

connections to the dmz are working fine from internal
and external interfaces. Can ftp and send and retrieve
data. 

Establishing an outbound connection from dmz are not
working though. 
cant even ping external interface 
can ping dmz interface.

--- Network  Operations <[EMAIL PROTECTED]>
wrote:
> Hi Todd,
> 
> Do you have the permit ICMP any any command set? Or
> permit ICMP echo reply (whatever your security
> policy dictates)..
> 
> If you have access lists set up I believe these will
> superscede the permit ICMP command, so you may need
> to take a look at them as well..
> 
> 
> cheers..
> 
> Marc..
> 
> >>> Todd <[EMAIL PROTECTED]> 04/20 8:04 AM >>>
> I have a dmz configured on a pix. In the dmz there
> is
> an ftp server which is functioning properly. can ftp
> to it from internal interface and from external
> interface.
> 
> My problem is that I cannot start a session from the
> ftp server itself. I cannot ping the dns server (
> external w/ ISP). In fact I cannot even ping the
> external interface.
> 
> My goal is to have virus scan do auto updates.
> 
> here relevant config: modified to protect the
> innocent.
> 
> fixup protocol ftp strict 21
> 
> global (dmz1) 1 172.16.3.2-172.16.3.100
> 
> nat (dmz1) 1 172.16.3.0 255.255.0.0 0 0
> 
> static (inside,outside) w.x.y.z 172.16.1.10 netmask
> 255.255.255.255 0 0
> static (dmz1,outside) a.b.c.d 172.16.3.3 netmask
> 255.255.255.255 0 0
> 
> conduit permit tcp host a.b.c.d eq ftp any
> conduit permit tcp host a.b.c.d eq ftp-data any
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great
> prices
> http://auctions.yahoo.com/ 
> -
> [To unsubscribe, send mail to
> [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to