Stuck on routing from inside network to vlan dmz

Discussion in 'Cisco' started by Ken, Mar 17, 2006.

  1. Ken

    Ken Guest

    Hello,

    Anyone have suggestions for this situation? I've got an inside network
    192.168.10.1 255.255.255.0 on default vlan1 and a dmz network
    192.168.1.0 255.255.255.0 on vlan 2.

    My goal is to allow routing from the inside network to the dmz network.

    I have a PIX 506e and Catalyst 2950. I believe I have the switch
    configured correctly because I can ping addresses on the 192.168.1.0
    network from the PIX. However, I cannot ping the PIX's dmz ip address
    or beyond.

    If I enable DEBUG ICMP TRACE on the PIX, the console does show it
    receiving echo requests but no replies.

    If I run SHOW ROUTE, I get this:
    outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xx 1 OTHER static
    outside xxx.0.0.0 255.0.0.0 xxx.xxx.xxx.xxx 1 CONNECT static
    dmz 192.168.1.0 255.255.255.0 192.168.1.205 1 CONNECT static
    inside 192.168.10.0 255.255.255.0 192.168.10.1 1 CONNECT static

    Here is my PIX config. Any help is appreciated. Thanks.

    interface ethernet0 auto
    interface ethernet1 100full
    interface ethernet1 vlan2 logical
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif vlan2 dmz security50
    enable password xxx encrypted
    passwd xxx encrypted
    hostname xxx
    domain-name prcinnovations.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 192.168.10.10 SERVER-Internal
    name 80.15.200.19 SERVER-External
    access-list outside_access_in permit tcp any host SERVER-External eq www
    access-list outside_access_in permit tcp any host SERVER-External eq ftp
    access-list outside_access_in permit tcp any host SERVER-External eq ldap
    access-list outside_access_in permit tcp any host SERVER-External eq smtp
    access-list outside_access_in permit tcp any host SERVER-External eq 3389
    access-list outside_access_in permit tcp any host SERVER-External eq pptp
    access-list outside_access_in permit gre any host SERVER-External
    access-list outside_access_in permit tcp any host SERVER-External eq 8585
    access-list outside_access_in permit tcp any host SERVER-External eq pop3
    access-list inside_access_dmz permit ip any any
    ip address outside 80.15.200.18 255.0.0.0
    ip address inside 192.168.10.1 255.255.255.0
    ip address dmz 192.168.1.205 255.255.255.0
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) SERVER-External SERVER-Internal netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    access-group inside_access_dmz in interface dmz
    route outside 0.0.0.0 0.0.0.0 80.15.200.17 1
     
    Ken, Mar 17, 2006
    #1
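
A quick way to audit the translation rules in a config like the one posted above, as an added example that is not part of the original post. It assumes PIX 6.x behaviour, where traffic from a higher-security interface to a lower-security one needs a nat/global pair with matching IDs, a static, or a nat 0 exemption; the function name and the sample text (copied from the post's own lines) are constructed for illustration.

```python
import re

# Constructed sample: the translation-relevant lines of the posted config.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan2 dmz security50
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) SERVER-External SERVER-Internal netmask 255.255.255.255 0 0
"""

def untranslated_paths(config):
    """Return sorted (src, dst) interface pairs, higher to lower security,
    that have no nat/global pairing, no static and no nat 0 exemption."""
    level, nat_ids, global_ids, statics = {}, {}, {}, set()
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"nameif\s+\S+\s+(\S+)\s+security(\d+)$", line):
            level[m[1]] = int(m[2])            # interface name -> security level
        elif m := re.match(r"nat\s+\((\S+?)\)\s+(\d+)\s", line):
            nat_ids.setdefault(m[1], set()).add(int(m[2]))
        elif m := re.match(r"global\s+\((\S+?)\)\s+(\d+)\s", line):
            global_ids.setdefault(m[1], set()).add(int(m[2]))
        elif m := re.match(r"static\s+\((\S+?),(\S+?)\)\s", line):
            # Coarse: any static between the pair counts, whatever hosts it covers.
            statics.add((m[1], m[2]))
    missing = []
    for src, s_lvl in level.items():
        for dst, d_lvl in level.items():
            if s_lvl <= d_lvl:
                continue                       # only higher -> lower is checked
            ids = nat_ids.get(src, set())
            covered = (0 in ids                               # nat 0 exemption
                       or ids & global_ids.get(dst, set())    # matching nat/global ID
                       or (src, dst) in statics)
            if not covered:
                missing.append((src, dst))
    return sorted(missing)

if __name__ == "__main__":
    for src, dst in untranslated_paths(SAMPLE):
        print(f"no translation rule for {src} -> {dst}")
```

Each reported pair is a path for which the config defines no translation, so under the stated assumption the PIX has no way to build a connection for it even when the access lists permit the traffic.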

  2. Ken

    Merv Guest

    Merv, Mar 17, 2006
    #2