Did you put in an outbound statement for your dmz server?
ex: outbound 30 permit 172.16.3.0 255.255.0.0 0 tcp
-----Original Message-----
From: Todd [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 20, 2001 12:21 PM
To: [EMAIL PROTECTED]
Subject: Re: pix dmz configuration
The icmp statement reads
conduit permit icmp any any
There are no access-lists configured on this box.
Connectivity works fine while connecting to the ftp
server in the dmz. However, when logged into the ftp
server (in dmz) I cannot establish an outbound
connection.
Todd
--- Network Operations <[EMAIL PROTECTED]>
wrote:
> Hi Todd,
>
> Do you have the permit ICMP any any command set? Or
> permit ICMP echo reply (whatever your security
> policy dictates)..
>
> If you have access lists set up I believe these will
> supersede the permit ICMP command, so you may need
> to take a look at them as well..
>
>
> cheers..
>
> Marc..
>
> >>> Todd <[EMAIL PROTECTED]> 04/20 8:04 AM >>>
> I have a dmz configured on a pix. In the dmz there is
> an ftp server which is functioning properly. Can ftp
> to it from internal interface and from external
> interface.
>
> My problem is that I cannot start a session from the
> ftp server itself. I cannot ping the dns server
> (external w/ ISP). In fact I cannot even ping the
> external interface.
>
> My goal is to have virus scan do auto updates.
>
> Here is the relevant config (modified to protect the
> innocent):
>
> fixup protocol ftp strict 21
>
> global (dmz1) 1 172.16.3.2-172.16.3.100
>
> nat (dmz1) 1 172.16.3.0 255.255.0.0 0 0
>
> static (inside,outside) w.x.y.z 172.16.1.10 netmask 255.255.255.255 0 0
> static (dmz1,outside) a.b.c.d 172.16.3.3 netmask 255.255.255.255 0 0
>
> conduit permit tcp host a.b.c.d eq ftp any
> conduit permit tcp host a.b.c.d eq ftp-data any
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great
> prices
> http://auctions.yahoo.com/
> -
> [To unsubscribe, send mail to
> [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
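Added example (not part of any message in this thread): a small Python check over the `nat` and `global` lines quoted above, assuming the PIX pairs a `nat` statement with a `global` statement of the same NAT id on the egress interface. It sees only the excerpt shown, so a `global` defined elsewhere in the full config would clear the second finding; the function and variable names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the nat/global lines quoted in the thread.
SAMPLE_CONFIG = """\
global (dmz1) 1 172.16.3.2-172.16.3.100
nat (dmz1) 1 172.16.3.0 255.255.0.0 0 0
"""

NAT_RE = re.compile(r"^nat \((\w+)\) (\d+) (\S+) (\S+)")
GLOBAL_RE = re.compile(r"^global \((\w+)\) (\d+) ")


def audit(config):
    """Return findings for the nat/global statements in a PIX config excerpt."""
    nats, pools = [], []
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            nats.append((m[1], int(m[2]), m[3], m[4]))
        elif m := GLOBAL_RE.match(line):
            pools.append((m[1], int(m[2])))

    findings = []
    for ifname, nat_id, addr, mask in nats:
        if nat_id == 0:
            continue  # nat 0 disables translation, so no global is expected
        # "0" is accepted shorthand for 0.0.0.0 in these statements
        addr = "0.0.0.0" if addr == "0" else addr
        mask = "0.0.0.0" if mask == "0" else mask
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        # Address and mask disagree: the statement matches more than it reads
        if str(net.network_address) != addr:
            findings.append(
                f"nat ({ifname}) {nat_id}: {addr} {mask} has host bits set; "
                f"it matches all of {net}")
        # Outbound translation needs a pool with this id on a different interface
        if not any(gid == nat_id and gif != ifname for gif, gid in pools):
            findings.append(
                f"nat ({ifname}) {nat_id}: no global with id {nat_id} "
                f"on another interface")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the quoted lines it reports that `172.16.3.0 255.255.0.0` covers 172.16.0.0/16, which also contains the inside host 172.16.1.10, and that NAT id 1 has a pool only on `dmz1` itself.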