PIX 515e Traffic between DMZ Interfaces

Discussion in 'Cisco' started by sdunn96, Nov 10, 2010.

  1. sdunn96

    How do you set this thing up so I can ping a host (10.77.0.4) on one DMZ interface (Security Level 4) from a host (10.76.0.3) on the other DMZ interface (Security Level 4)?

    I have told the PIX that the NAT translation between the interfaces should be the same.
    So 10.77.0.4 on DMZ4 -> 10.77.0.4 on DMZ3:
    static (DMZ3,DMZ4) 10.76.0.0 10.76.0.0 netmask 255.255.0.0
    static (DMZ4,DMZ3) 10.77.0.0 10.77.0.0 netmask 255.255.0.0

    This is PIX OS 7.2(1)

    This thing is kicking my butt.

    I have another PIX that is running PIX 6.3, and I have him set up so that a host on the DMZ can ping a host sitting off the INSIDE interface.

    But I am missing something on this 7.2(1) pix, and not sure what it is.
     
    sdunn96, Nov 10, 2010
    #1

  2. sdunn96

    OK, got it figured out.
    Sheesh, firewall rules are dang confusing.

    For PIX OS 7.2(1):
    Make sure you have told it that interfaces having the same security level are allowed to pass traffic.
    This allows for not having to configure ACLs.

    Then setup static translation between the two interfaces.
    That should do it.
     
    sdunn96, Nov 10, 2010
    #2
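The two steps from the post above, written out as an added PIX 7.2 configuration example (this is not the poster's running config, and the original thread shows only the two static lines). The interface names DMZ3/DMZ4, security level 4 and the two /16 networks are taken from the thread; the ACL name DMZ4_IN, the default-policy names and the hosts used in the checks are assumptions for illustration.

```cisco
! Added example, not the original poster's configuration.
! Assumed: interfaces DMZ3 and DMZ4 both at security-level 4, hosts 10.77.0.4 (DMZ4)
! and 10.76.0.3 (DMZ3) from the thread; ACL name DMZ4_IN is made up.

! 1. Permit traffic between interfaces that share a security level.
!    Note this is global: every pair of same-level interfaces on the box is
!    affected, in both directions, and with no access-group applied nothing filters it.
same-security-traffic permit inter-interface

! 2. Identity (no-change) statics so each DMZ sees the other's real addresses.
!    Required when nat-control is enabled (a box upgraded from 6.3 keeps it on);
!    with "no nat-control" untranslated traffic between the DMZs passes anyway.
static (DMZ3,DMZ4) 10.76.0.0 10.76.0.0 netmask 255.255.0.0
static (DMZ4,DMZ3) 10.77.0.0 10.77.0.0 netmask 255.255.0.0

! 3. Hardening (optional but recommended): once step 1 is in, the two DMZs are
!    wide open to each other. Applying an ACL replaces the implicit permit with
!    an implicit deny, so permit only what you need and list the rest explicitly.
access-list DMZ4_IN extended permit icmp host 10.77.0.4 host 10.76.0.3 echo
access-list DMZ4_IN extended deny ip 10.77.0.0 255.255.0.0 10.76.0.0 255.255.0.0
! ... followed by whatever DMZ4 legitimately needs toward inside/outside
access-group DMZ4_IN in interface DMZ4

! Make ICMP stateful so the echo-reply rides the existing connection instead of
! needing its own permit on DMZ3 (policy-map and class names are the 7.x defaults).
policy-map global_policy
 class inspection_default
  inspect icmp

! 4. Checks: the xlate should appear, then the conn while the ping runs, and
!    packet-tracer (available from 7.2) shows which rule allows or drops the flow.
show xlate | include 10.77.0.4
show conn | include 10.77.0.4
packet-tracer input DMZ4 icmp 10.77.0.4 8 0 10.76.0.3
```

The security-relevant point is step 1: `same-security-traffic permit inter-interface` is not scoped to DMZ3/DMZ4 but to every interface pair at the same level, so any other segment you later add at level 4 is reachable from both DMZs unless an interface ACL says otherwise. If `show running-config nat-control` reports it disabled, the two statics are harmless but not what makes the ping work.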
