Accessing higher security level from higher security level

Discussion in 'Cisco' started by nderose@gmail.com, Jul 11, 2005.

  1. Guest

    I'm a newbie and am setting up a PIX firewall and I need to access a
    higher security level from a lower security level. Ideally I just need to
    be able to use terminal services. This is what the configuration is. I
    need to use terminal services from tmx-dmz to get access to singlemom.
    This is just the relevant stuff below for this network:

    nameif ethernet0 outside security0
    nameif ethernet1 singlemom security98
    nameif ethernet2 failover security97
    nameif ethernet3 intdmz security80
    nameif ethernet4 dmz1 security40
    nameif ethernet5 tmx-dmz security90

    access-list acl_nonat permit ip 10.0.0.0 255.0.0.0 10.100.1.0 255.255.255.0
    access-list acl_nonat permit ip TMX-DMZ 255.255.0.0 INTDMZ 255.255.0.0
    access-list acl_nonat permit ip TMX-DMZ 255.255.0.0 NET0_DMZ1 255.255.0.0
    access-list acl_out permit tcp any host 198.x.x.x eq smtp
    access-list acl_out permit tcp any host 198.x.x.x eq pop3
    access-list acl_out permit tcp any host 198.x.x.x eq 5900
    access-list acl_out permit tcp any host 198.x.x.x eq 5500
    access-list acl_out permit tcp any host 198.x.x.x eq 3389
    access-list singlemom_in line 2 permit ip any any
    access-list singlemom_in line 3 permit icmp any any
    access-list singlemom_in line 4 permit tcp any any eq 3389

    global (outside) 1001 198.87.36.128-198.87.36.199
    global (outside) 1100 198.87.36.201-198.87.36.210
    global (outside) 1101 198.87.36.100-198.87.36.120
    global (outside) 1100 198.87.36.200
    global (outside) 1011 198.87.36.124
    global (singlemom) 1011 10.50.0.20-10.50.0.250 netmask 255.255.0.0
    global (singlemom) 1011 10.50.0.5-10.50.0.254 netmask 255.255.0.0
    global (dmz1) 1001 10.150.100.0-10.150.100.250 netmask 255.255.0.0
    global (dmz1) 1100 10.150.110.0-10.150.110.250 netmask 255.255.255.0
    global (tmx-dmz) 1101 10.10.0.2-10.10.0.250 netmask 255.255.0.0
    nat (singlemom) 0 access-list acl_nonat
    nat (singlemom) 1011 singlemom 255.255.0.0 dns 0 0
    nat (intdmz) 0 access-list acl_nonat
    nat (intdmz) 1100 INTDMZ 255.255.0.0 dns 0 0
    nat (dmz1) 0 access-list acl_nonat
    nat (tmx-dmz) 0 access-list acl_nonat
    nat (tmx-dmz) 1101 TMX-DMZ 255.255.0.0 0 0

    static (singlemom,outside) 198.x.x.x 10.50.0.10 dns netmask 255.255.255.255 1000 100
    static (singlemom,tmx-dmz) singlemom singlemom netmask 255.255.0.0 0 0
    access-group acl_out in interface outside
    access-group email_in in interface dmz1
    access-group singlemom_in interface singlemom


    Any help would be appreciated!

    Regards,
    Nick
     
    , Jul 11, 2005
    #1
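
On a PIX, a connection initiated from a lower-security interface toward a higher-security one needs both a translation for the destination and an access-list bound inbound on the lower-security interface. The script below is an added example, not part of the original post: it parses the `nameif`, `static` and `access-group` lines quoted above and reports which of those two prerequisites is absent for a given flow. The function names are hypothetical, and it only looks at `static` entries as the translation, which is a simplification.

```python
import re

# Constructed sample: nameif, static and access-group lines copied from the post.
CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 singlemom security98
nameif ethernet2 failover security97
nameif ethernet3 intdmz security80
nameif ethernet4 dmz1 security40
nameif ethernet5 tmx-dmz security90
static (singlemom,outside) 198.x.x.x 10.50.0.10 dns netmask 255.255.255.255 1000 100
static (singlemom,tmx-dmz) singlemom singlemom netmask 255.255.0.0 0 0
access-group acl_out in interface outside
access-group email_in in interface dmz1
access-group singlemom_in interface singlemom
"""

def parse(config):
    """Return (security levels, static interface pairs, inbound ACL per interface)."""
    levels, statics, groups = {}, set(), {}
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"nameif\s+\S+\s+(\S+)\s+security(\d+)$", line):
            levels[m[1]] = int(m[2])
        elif m := re.match(r"static\s+\(([^,]+),([^)]+)\)", line):
            statics.add((m[1], m[2]))   # (real interface, mapped interface)
        elif m := re.match(r"access-group\s+(\S+)\s+in\s+interface\s+(\S+)$", line):
            groups[m[2]] = m[1]         # lines without the "in" keyword are not counted
    return levels, statics, groups

def check_flow(config, src, dst):
    """List the missing prerequisites for src -> dst when src is the lower level."""
    levels, statics, groups = parse(config)
    if levels[src] >= levels[dst]:
        return []                       # not a lower-to-higher flow
    findings = []
    if (dst, src) not in statics:
        findings.append(f"no static ({dst},{src}) translation")
    if src not in groups:
        findings.append(f"no access-group bound inbound on {src}")
    return findings

if __name__ == "__main__":
    for src, dst in [("tmx-dmz", "singlemom"), ("outside", "singlemom"),
                     ("dmz1", "singlemom")]:
        print(f"{src} -> {dst}:", check_flow(CONFIG, src, dst) or "prerequisites present")
```

A clean result only means both pieces exist; whether the bound access-list actually permits tcp/3389 to the intended host still has to be read from its entries.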