Pix515e 3-Ethernet DMZ

Discussion in 'Cisco' started by David Henzler, Mar 5, 2009.

  1. I can't see my own servers on their outside address. I can only see them
    on the DMZ address.

    Anybody ?
     
    David Henzler, Mar 5, 2009
    #1
    1. Advertising

  2. David Henzler

    Rod Dorman Guest

    In article <>,
    David Henzler <> wrote:
    >I can't see my own servers on their outside address. I can only see them
    >on the DMZ address.
    >
    >Anybody ?


    Anybody what?

    You made a statement that the PIX is working as designed and
    configured.

    --
    -- Rod --
    rodd(at)polylogics(dot)com
     
    Rod Dorman, Mar 5, 2009
    #2
    1. Advertising

  3. David Henzler

    Guest

    On Mar 5, 8:49 am, David Henzler <> wrote:
    > I can't see my own servers on their outside address.  I can only see them
    > on the DMZ address.
    >
    > Anybody ?


    Have you configured inbound rules on your outside interface?

    access-list outside_access_in extended permit tcp any host
    <outside_ip> eq 80 assuming it is a web server being presented to the
    outside interface from DMZ

    Have you configured static nat statements?

    static (dmz,outside) outside_ip dmz_ip netmask 255.255.255.255

    Regards
     
    , Mar 5, 2009
    #3
  4. On Thu, 05 Mar 2009 18:15:08 +0000, Rod Dorman wrote:

    > In article <>,
    > David Henzler <> wrote:
    >>I can't see my own servers on their outside address. I can only see them
    >>on the DMZ address.
    >>
    >>Anybody ?

    >
    > Anybody what?
    >
    > You made a statement that the PIX is working as designed and
    > configured.


    My design is not working yet. But then this is my first time using this
    device, and software. I've spent time reading, and trying to understand
    the methods of use. Sadly I have no training in this area, but am
    learning.

    Discovered that putting things in the same pool number mean that they are
    lumped together in the rule. Books didn't say this, although it may have
    been inferred, I missed the inferrence.

    My "working" statement was in response to the guy who said I may not have
    sufficient RAM. And to this point my Pix had been a brick. Although I
    had set everything I could think of, I probably had missed setting the
    gateway address for the dsl modem. Thus... going to DHCP on that port
    made things come alive. And so sir....

    What I said was:

    "Turns out that the configuration was correct, and I have sufficient RAM.
    The problem was that DNS wasn't functioning, and switching from STATIC to
    DHCP on Ethernet0 did the trick.

    The 5.2(4)ASDM software works fine, however the latest book I can find on
    the WEB is not the same GUI, and it's difficult to follow the proceedures
    when they differ. The latest version does things for you that previous
    versions required the user to do for themselves. I'd say the new version
    is just fine. Let's see a booklet from Cisco that covers it.

    Cisco wouldn't talk to me when I called, stating that my product was a
    "Gray Market" and I informed them that since they no longer sold or
    supported it that the fact that I wasn't the original owner shouldn't have
    been such an issue. Cisco repells business relationships with such an
    attitude. Use of older equipment by private individuals for personal use,
    or the startup business as in my case are ways for people to become Cisco
    customers, and learn about the value of having their hardware. Shunning
    us such a market sends us elesewhere."

    Regards

    David
     
    David Henzler, Mar 6, 2009
    #4
  5. On Thu, 05 Mar 2009 10:32:43 -0800, wrote:

    > On Mar 5, 8:49 am, David Henzler <> wrote:
    >> I can't see my own servers on their outside address.  I can only see them
    >> on the DMZ address.
    >>
    >> Anybody ?

    >
    > Have you configured inbound rules on your outside interface?
    >
    > access-list outside_access_in extended permit tcp any host
    > <outside_ip> eq 80 assuming it is a web server being presented to the
    > outside interface from DMZ
    >
    > Have you configured static nat statements?
    >
    > static (dmz,outside) outside_ip dmz_ip netmask 255.255.255.255
    >
    > Regards


    Thanks... I'll try configuring some outside rules this weekend.
     
    David Henzler, Mar 6, 2009
    #5
  6. On Fri, 06 Mar 2009 06:43:24 -0800, David Henzler wrote:

    > On Thu, 05 Mar 2009 10:32:43 -0800, wrote:
    >
    >> On Mar 5, 8:49 am, David Henzler <> wrote:
    >>> I can't see my own servers on their outside address.  I can only see them
    >>> on the DMZ address.
    >>>
    >>> Anybody ?

    >>
    >> Have you configured inbound rules on your outside interface?
    >>
    >> access-list outside_access_in extended permit tcp any host
    >> <outside_ip> eq 80 assuming it is a web server being presented to the
    >> outside interface from DMZ
    >>
    >> Have you configured static nat statements?
    >>
    >> static (dmz,outside) outside_ip dmz_ip netmask 255.255.255.255
    >>
    >> Regards

    >
    > Thanks... I'll try configuring some outside rules this weekend.


    I don't see where to add the outside Gateway address for the Ethernet0.
     
    David Henzler, Mar 10, 2009
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Peter
    Replies:
    2
    Views:
    1,077
  2. Mick

    PIX515e and the DMZ

    Mick, Jul 1, 2004, in forum: Cisco
    Replies:
    4
    Views:
    1,427
  3. Mick

    The DMZ and the PIX515e saga

    Mick, Jul 3, 2004, in forum: Cisco
    Replies:
    1
    Views:
    456
    Rik Bain
    Jul 3, 2004
  4. JohnC
    Replies:
    9
    Views:
    886
    Walter Roberson
    Dec 7, 2004
  5. Network-Guy

    Cisco PIX DMZ to DMZ Access

    Network-Guy, Sep 23, 2005, in forum: Cisco
    Replies:
    7
    Views:
    3,922
    Walter Roberson
    Sep 25, 2005
Loading...

Share This Page