Pix515e 3-Ethernet DMZ

 
 
David Henzler
      03-05-2009
I can't see my own servers on their outside address. I can only see them
on the DMZ address.

Anybody ?
 
Rod Dorman
      03-05-2009
In article <(E-Mail Removed)>,
David Henzler <(E-Mail Removed)> wrote:
>I can't see my own servers on their outside address. I can only see them
>on the DMZ address.
>
>Anybody ?


Anybody what?

You made a statement that the PIX is working as designed and
configured.

--
-- Rod --
rodd(at)polylogics(dot)com
 
jrguent@gmail.com
      03-05-2009
On Mar 5, 8:49 am, David Henzler <(E-Mail Removed)> wrote:
> I can't see my own servers on their outside address. I can only see them
> on the DMZ address.
>
> Anybody ?


Have you configured inbound rules on your outside interface?

access-list outside_access_in extended permit tcp any host <outside_ip> eq 80

assuming it is a web server being presented to the outside interface from DMZ

Have you configured static nat statements?

static (dmz,outside) outside_ip dmz_ip netmask 255.255.255.255

Regards
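
A way to cross-check the two items asked about in the reply above, as an added example that is not part of the original thread: it parses a PIX configuration in the syntax quoted there and reports host statics that no inbound rule reaches, and rules that point at an address nothing translates to. The `audit` function name and the sample addresses (documentation ranges) are assumptions, as is the `access-group` line in the sample, which is what binds the ACL to the outside interface.

```python
import re

# Constructed sample config: documentation-range addresses, not from the thread.
SAMPLE_CONFIG = """\
access-list outside_access_in extended permit tcp any host 192.0.2.10 eq 80
access-list outside_access_in extended permit tcp any host 192.0.2.99 eq 25
access-group outside_access_in in interface outside
static (dmz,outside) 192.0.2.10 172.16.1.10 netmask 255.255.255.255
static (dmz,outside) 192.0.2.11 172.16.1.11 netmask 255.255.255.255
"""

# Only the forms quoted in the thread are parsed: host statics and
# "permit <proto> any host <addr> [eq <port>]" entries.
STATIC_RE = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255$")
GROUP_RE = re.compile(r"access-group (\S+) in interface (\S+)$")
ACL_RE = re.compile(r"access-list (\S+) extended permit (\S+) any host (\S+)(?: eq (\S+))?$")


def audit(config, outside="outside"):
    """Cross-check host statics against the ACL bound inbound on `outside`."""
    lines = [line.strip() for line in config.splitlines()]
    bound = set()    # ACL names actually applied to the outside interface
    for line in lines:
        m = GROUP_RE.match(line)
        if m and m.group(2) == outside:
            bound.add(m.group(1))
    statics, permits = {}, {}   # mapped addr -> real addr / [(proto, port)]
    for line in lines:
        m = STATIC_RE.match(line)
        if m and m.group(2) == outside:
            statics[m.group(3)] = m.group(4)
        m = ACL_RE.match(line)
        if m and m.group(1) in bound:   # an unbound ACL filters nothing
            permits.setdefault(m.group(3), []).append((m.group(2), m.group(4) or "any"))
    findings = []
    for mapped, real in statics.items():
        if mapped not in permits:       # translated but not reachable from outside
            findings.append(("static-without-permit", mapped, real))
    for dest in permits:
        if dest not in statics:         # rule for an address nothing translates to
            findings.append(("permit-without-static", dest, None))
    return statics, permits, findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[2]:
        print(finding)
```

Removing the `access-group` line from the sample turns every static into a `static-without-permit` finding, because the permits are then never applied to the interface.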
 
 
David Henzler
      03-06-2009
On Thu, 05 Mar 2009 18:15:08 +0000, Rod Dorman wrote:

> In article <(E-Mail Removed)>,
> David Henzler <(E-Mail Removed)> wrote:
>>I can't see my own servers on their outside address. I can only see them
>>on the DMZ address.
>>
>>Anybody ?

>
> Anybody what?
>
> You made a statement that the PIX is working as designed and
> configured.


My design is not working yet. But then this is my first time using this
device, and software. I've spent time reading, and trying to understand
the methods of use. Sadly I have no training in this area, but am
learning.

Discovered that putting things in the same pool number means that they are
lumped together in the rule. Books didn't say this, although it may have
been inferred, I missed the inference.

My "working" statement was in response to the guy who said I may not have
sufficient RAM. And to this point my Pix had been a brick. Although I
had set everything I could think of, I probably had missed setting the
gateway address for the dsl modem. Thus... going to DHCP on that port
made things come alive. And so sir....

What I said was:

"Turns out that the configuration was correct, and I have sufficient RAM.
The problem was that DNS wasn't functioning, and switching from STATIC to
DHCP on Ethernet0 did the trick.

The 5.2(4)ASDM software works fine, however the latest book I can find on
the WEB is not the same GUI, and it's difficult to follow the procedures
when they differ. The latest version does things for you that previous
versions required the user to do for themselves. I'd say the new version
is just fine. Let's see a booklet from Cisco that covers it.

Cisco wouldn't talk to me when I called, stating that my product was a
"Gray Market" and I informed them that since they no longer sold or
supported it that the fact that I wasn't the original owner shouldn't have
been such an issue. Cisco repels business relationships with such an
attitude. Use of older equipment by private individuals for personal use,
or the startup business as in my case are ways for people to become Cisco
customers, and learn about the value of having their hardware. Shunning
us such a market sends us elsewhere."

Regards

David
 
 
David Henzler
      03-06-2009
On Thu, 05 Mar 2009 10:32:43 -0800, (E-Mail Removed) wrote:

> On Mar 5, 8:49 am, David Henzler <(E-Mail Removed)> wrote:
>> I can't see my own servers on their outside address. I can only see them
>> on the DMZ address.
>>
>> Anybody ?

>
> Have you configured inbound rules on your outside interface?
>
> access-list outside_access_in extended permit tcp any host
> <outside_ip> eq 80 assuming it is a web server being presented to the
> outside interface from DMZ
>
> Have you configured static nat statements?
>
> static (dmz,outside) outside_ip dmz_ip netmask 255.255.255.255
>
> Regards


Thanks... I'll try configuring some outside rules this weekend.

 
 
David Henzler
      03-10-2009
On Fri, 06 Mar 2009 06:43:24 -0800, David Henzler wrote:

> On Thu, 05 Mar 2009 10:32:43 -0800, (E-Mail Removed) wrote:
>
>> On Mar 5, 8:49 am, David Henzler <(E-Mail Removed)> wrote:
>>> I can't see my own servers on their outside address. I can only see them
>>> on the DMZ address.
>>>
>>> Anybody ?

>>
>> Have you configured inbound rules on your outside interface?
>>
>> access-list outside_access_in extended permit tcp any host
>> <outside_ip> eq 80 assuming it is a web server being presented to the
>> outside interface from DMZ
>>
>> Have you configured static nat statements?
>>
>> static (dmz,outside) outside_ip dmz_ip netmask 255.255.255.255
>>
>> Regards

>
> Thanks... I'll try configuring some outside rules this weekend.


I don't see where to add the outside Gateway address for the Ethernet0.

 