Pix command to allow access to network behind a network

Discussion in 'Cisco' started by elementaladmins@gmail.com, Aug 11, 2007.

  1. Guest

    Hi, looking for some guidance as I currently have a pix setup as
    follows

    Internet
    |
    Pix ---- DMZ
    |
    Internal network

    using the static command to disable nat from the dmz to internal which
    allows access for servers in the dmz to access (with the correct acl)
    servers in the internal lan. We will be segmenting this internal
    network to contain two networks as shown below

    Internet
    |
    Pix ---- DMZ
    |
    Internal network1 ---Router--Internal Network2

    Leaving the config as is the servers in the DMZ can't traverse to the
    internal network2 (due to the fact that the pix doesn't know about
    it). However, since the internal network2 is not directly connected to
    the pix inside interface, what needs to happen to permit (besides an
    ACL) traffic from the DMZ to Internal Network2?

    Thanks,

    Ted
    , Aug 11, 2007
    #1

  2. In article <>,
    <> wrote:
    >We will be segmenting this internal
    >network to contain two networks as shown below


    >Internet
    > |
    > Pix ---- DMZ
    > |
    >Internal network1 ---Router--Internal Network2


    Just add

    route inside NETWORK2BASE NETWORK2MASK ROUTERIP

    Along with the appropriate ACL entries and appropriate static entries
    for any traffic you wish to permit from the outside or DMZ to
    the new internal network.
    Walter Roberson, Aug 11, 2007
    #2

  3. In article <>, writes:
    >Hi, looking for some guidance as I currently have a pix setup as
    >follows
    >
    >Internet
    > |
    > Pix ---- DMZ
    > |
    >Internal network
    >
    >using the static command to disable nat from the dmz to internal which
    >allows access for servers in the dmz to access (with the correct acl)
    >servers in the internal lan. We will be segmenting this internal
    >network to contain two networks as shown below
    >
    >Internet
    > |
    > Pix ---- DMZ
    > |
    >Internal network1 ---Router--Internal Network2
    >
    >Leaving the config as is the servers in the DMZ can't traverse to the
    >internal network2 (due to the fact that the pix doesn't know about
    >it). However, since the internal network2 is not directly connected to
    >the pix inside interface, what needs to happen to permit (besides an
    >ACL) traffic from the DMZ to Internal Network2?


    You need something like this:
    route inside a.b.c.d 255.255.255.0 w.x.y.z 1
    where "a.b.c.d" is the IP address of Network2 and "w.x.y.z" is the IP address
    of your Router. Of course, I assumed that the Pix interface is named "inside".

    Regards,
    Christoph Gartmann

    --
    Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
    Immunbiologie
    Postfach 1169 Internet: gartmann@immunbio dot mpg dot de
    D-79011 Freiburg, Germany
    http://www.immunbio.mpg.de/home/menue.html
    Christoph Gartmann, Aug 11, 2007
    #3
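
The three pieces named in the replies above (route, static, ACL) put together as one fragment. This is an added example, not configuration posted by anyone in the thread; every address, the interface name "dmz", the ACL name "dmz_in" and the port are constructed placeholders.

```cisco
: Constructed addressing (assumptions, not from the thread):
:   DMZ server        192.168.1.10
:   Internal network1 10.1.0.0/24, router at 10.1.0.254
:   Internal network2 10.2.0.0/24, target server 10.2.0.20

: 1. Tell the PIX that network2 is reached via the router on the inside interface
route inside 10.2.0.0 255.255.255.0 10.1.0.254 1

: 2. Identity static so network2 addresses are presented untranslated to the DMZ,
:    matching the no-NAT approach already used for network1
static (inside,dmz) 10.2.0.0 10.2.0.0 netmask 255.255.255.0

: 3. Permit only the specific flow required: one DMZ host to one
:    network2 host on one port, rather than subnet-to-subnet
access-list dmz_in permit tcp host 192.168.1.10 host 10.2.0.20 eq 1433
access-group dmz_in in interface dmz
```

The router between the two internal networks also needs a route back to the DMZ subnet through the PIX inside address, otherwise replies from network2 will not return.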
