PIX Question [7:37893]
I have just installed a PIX firewall with three interfaces. The Inside network is 192.168.1.0 and the DMZ network is 192.168.2.0. There are a few webservers on the dmz network that need to have access to all the servers on the inside network. Technically I am going to have to statically map each server on the inside network to an unused address on the dmz network and then open the conduit permission. For example, I have an NT server running on 192.168.1.12. In order for the webserver to connect to this box I will have to do:

static (inside,dmz) 192.168.2.12 192.168.1.12 netmask 255.255.255.255
conduit permit tcp host 192.168.2.12 host any or 192.168.1.12

It will be very tedious and I will waste so many addresses on the dmz network in order to create a mapping entry for all the servers on the inside network. Is there any smaller way of doing it? Can I map the whole dmz network to the inside network instead of mapping each unused address to an inside address?

Abbas Ali, AVVID, CCDP, CCNP, MCSE
Network Engineer II
NextiraOne, LLC
Tel: 714.428.3367
Pager: 714.748.4817
Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37893t=37893
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: PIX Question [7:37893]
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

Gaz

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37895t=37893
Re: PIX Question [7:37893]
or

static (inside,dmz) 192.168.1.0 192.168.2.0 netmask 255.255.255.0

to treat the 2 networks, DMZ and inside zone, in routing mode...

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=37916t=37893
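
The following is an added example, not part of any post in this thread: a small Python checker that reads the three `static` statements quoted above and shows which inside address a DMZ host would actually reach through each one. It assumes the PIX argument order `static (real_if,mapped_if) mapped_ip real_ip` and /24 masks on both interfaces; the function and constant names are hypothetical.

```python
import ipaddress
import re

# Interface networks as stated in the thread; the /24 masks are an assumption.
IFACE_NETS = {"inside": ipaddress.ip_network("192.168.1.0/24"),
              "dmz": ipaddress.ip_network("192.168.2.0/24")}
# The three statements quoted in the thread.
PER_HOST = "Static(inside, dmz) 192.168.2.12 192.168.1.12 netmask 255.255.255.255"
FIRST_REPLY = "static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0"
SECOND_REPLY = "static (inside,dmz) 192.168.1.0 192.168.2.0 netmask 255.255.255.0"

STATIC_RE = re.compile(
    r"static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)", re.I)

def parse_static(line):
    """Parse 'static (real_if,mapped_if) mapped_ip real_ip netmask mask'."""
    m = STATIC_RE.search(line)
    if not m:
        raise ValueError(f"not a static statement: {line!r}")
    real_if, mapped_if, mapped_ip, real_ip, mask = m.groups()
    return {"real_if": real_if.lower(), "mapped_if": mapped_if.lower(),
            "mapped": ipaddress.ip_network(f"{mapped_ip}/{mask}"),
            "real": ipaddress.ip_network(f"{real_ip}/{mask}")}

def translate(rule, dst):
    """Real address reached by a packet sent to dst on the mapped interface."""
    dst = ipaddress.ip_address(dst)
    if dst not in rule["mapped"]:
        return None  # the statement does not cover this destination
    offset = int(dst) - int(rule["mapped"].network_address)
    return str(rule["real"].network_address + offset)

def review(rule):
    """Check one statement against the interface networks; return findings."""
    findings = []
    if not rule["real"].subnet_of(IFACE_NETS[rule["real_if"]]):
        findings.append(f"real range is not on the {rule['real_if']} network")
    if rule["mapped"].overlaps(IFACE_NETS[rule["mapped_if"]]):
        findings.append(f"mapped range uses {rule['mapped_if']} addresses")
    if rule["mapped"].num_addresses > 1:
        findings.append(f"translates {rule['mapped'].num_addresses} addresses; "
                        "scope conduits per host and port")
    return findings

if __name__ == "__main__":
    for line in (PER_HOST, FIRST_REPLY, SECOND_REPLY):
        rule = parse_static(line)
        print(line, "->", translate(rule, str(rule["mapped"][0])), review(rule))
```

A network-wide static only sets up the translation; which DMZ hosts may reach which inside hosts and ports is still decided by the conduit statements, so those are where the access should be narrowed.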