how can i do this kind of redirection with pix?

Discussion in 'Cisco' started by rene, Feb 19, 2008.

  1. rene

    rene Guest

    hi,all

    i have a pix 515, three of interfaces are:eek:utside 123.0.0.0/24,dmz
    10.0.0.0/24, inside 192.168.0.0/24.
    from interface dmz,i can get to 10.99.0.0/24, with an fixed source
    ip :10.0.0.199.

    now,i want a computer from outside to get to 10.99.0.0/24,how can i
    do this?

    i have tryed outside nat,but it does not work as expected.

    can someone give me some advice?

    thanks
     
    rene, Feb 19, 2008
    #1
    1. Advertising

  2. rene

    rene Guest

    On Feb 19, 1:49 pm, rene <> wrote:
    > hi,all
    >
    > i have a pix 515, three of interfaces are:eek:utside 123.0.0.0/24,dmz
    > 10.0.0.0/24, inside 192.168.0.0/24.
    > from interface dmz,i can get to 10.99.0.0/24, with an fixed source
    > ip :10.0.0.199.
    >
    > now,i want a computer from outside to get to 10.99.0.0/24,how can i
    > do this?
    >
    > i have tryed outside nat,but it does not work as expected.
    >
    > can someone give me some advice?
    >
    > thanks


    i have got an idea,and made it work,but it brought another problem...

    with outside nat and static,like this:

    access-list nat_outside_dmz permit tcp any host 123.0.0.1 eq 8000
    nat(outside) 15 access-list nat_outside_dmz outside
    global(dmz) 15 10.0.0.199

    static (dmz,outside) tcp 123.0.0.1 8000 10.99.0.99 8000

    it works like what i think:

    when request to 123.0.0.1:8000 come from interface outside,it will be
    changed like request from 10.0.0.199:8000,and send through interface
    dmz.

    this idea works,but normal statics does not work!!

    can someone give me help?
    thanks
     
    rene, Feb 19, 2008
    #2
    1. Advertising

  3. rene

    Greeley

    Joined:
    Dec 16, 2007
    Messages:
    67
    I dont really think I understand what your looking for but I think you are trying to have someone on the outside interface to get to something on the DMZ? That would just be done with an ACL and then applying the acl to the interface inbound.


    --G
     
    Greeley, Feb 19, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Memnoch
    Replies:
    0
    Views:
    539
    Memnoch
    Jul 17, 2003
  2. staalejg
    Replies:
    1
    Views:
    526
    Walter Roberson
    Jul 17, 2003
  3. staalejg
    Replies:
    0
    Views:
    483
    staalejg
    Jul 17, 2003
  4. Jocelyn
    Replies:
    0
    Views:
    477
    Jocelyn
    Jul 17, 2003
  5. staalejg
    Replies:
    0
    Views:
    1,328
    staalejg
    Jul 17, 2003
Loading...

Share This Page