Accessing higher security level from higher security level

Discussion in 'Cisco' started by nderose@gmail.com, Jul 11, 2005.

  1. Guest

    I'm a newbie and am setting up a PIX firewall, and I need to access a
    higher security level from a lower security level. Ideally I just need to
    be able to use terminal services. This is what the configuration is. I
    need to use terminal services from tmx-dmz to get access to singlemom.
    This is just the relevant stuff below for this network:

    nameif ethernet0 outside security0
    nameif ethernet1 singlemom security98
    nameif ethernet2 failover security97
    nameif ethernet3 intdmz security80
    nameif ethernet4 dmz1 security40
    nameif ethernet5 tmx-dmz security90

    access-list acl_nonat permit ip 10.0.0.0 255.0.0.0 10.100.1.0 255.255.255.0
    access-list acl_nonat permit ip TMX-DMZ 255.255.0.0 INTDMZ 255.255.0.0
    access-list acl_nonat permit ip TMX-DMZ 255.255.0.0 NET0_DMZ1 255.255.0.0
    access-list acl_out permit tcp any host 198.x.x.x eq smtp
    access-list acl_out permit tcp any host 198.x.x.x eq pop3
    access-list acl_out permit tcp any host 198.x.x.x eq 5900
    access-list acl_out permit tcp any host 198.x.x.x eq 5500
    access-list acl_out permit tcp any host 198.x.x.x eq 3389
    access-list singlemom_in line 2 permit ip any any
    access-list singlemom_in line 3 permit icmp any any
    access-list singlemom_in line 4 permit tcp any any eq 3389

    global (outside) 1001 198.87.36.128-198.87.36.199
    global (outside) 1100 198.87.36.201-198.87.36.210
    global (outside) 1101 198.87.36.100-198.87.36.120
    global (outside) 1100 198.87.36.200
    global (outside) 1011 198.87.36.124
    global (singlemom) 1011 10.50.0.20-10.50.0.250 netmask 255.255.0.0
    global (singlemom) 1011 10.50.0.5-10.50.0.254 netmask 255.255.0.0
    global (dmz1) 1001 10.150.100.0-10.150.100.250 netmask 255.255.0.0
    global (dmz1) 1100 10.150.110.0-10.150.110.250 netmask 255.255.255.0
    global (tmx-dmz) 1101 10.10.0.2-10.10.0.250 netmask 255.255.0.0
    nat (singlemom) 0 access-list acl_nonat
    nat (singlemom) 1011 singlemom 255.255.0.0 dns 0 0
    nat (intdmz) 0 access-list acl_nonat
    nat (intdmz) 1100 INTDMZ 255.255.0.0 dns 0 0
    nat (dmz1) 0 access-list acl_nonat
    nat (tmx-dmz) 0 access-list acl_nonat
    nat (tmx-dmz) 1101 TMX-DMZ 255.255.0.0 0 0

    static (singlemom,outside) 198.x.x.x 10.50.0.10 dns netmask 255.255.255.255 1000 100
    static (singlemom,tmx-dmz) singlemom singlemom netmask 255.255.0.0 0 0
    access-group acl_out in interface outside
    access-group email_in in interface dmz1
    access-group singlemom_in interface singlemom


    Any help would be appreciated!

    Regards,
    Nick
     
