Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't access site in DMZ

Status
Not open for further replies.
edrouse

edrouse

Technical User
Apr 30, 2004
2
US
Hi there,
I'm having trouble (due to my inexperience) with allowing access to the DMZ website from an external source. I can access the site from internal pc's, but not external. My Pix support is temporarily unavailable and I was told I need this up by Monday. Here are the facts:

Trying to access from the outside. I Can access it from inside (10.10.6.0), but not from the outside. I will convert it to an access list at after it works. Any help would be greatly appreciated, Thanks

Inside: 10.10.6.0/24 Pix 10.10.6.1
Outside: 172.16.8.0/24 Pix 172.16.8.2
DMZ: 10.10.0.0/24 Pix 10.10.0.0

Web server: 10.10.0.3

global (outside) 1 172.16.8.2
global (DMZ) 1 10.10.0.100-10.10.0.150
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ) 1 10.10.0.0 255.255.255.0 0 0
static (inside,DMZ) 10.10.6.0 10.10.6.0 netmask 255.255.255.0 0 0
static (inside,outside) 172.16.8.2 10.10.6.2 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.8.2 10.10.6.4 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.8.2 10.10.6.10 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.8.2 10.10.6.12 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.8.2 10.10.6.5 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.8.2 10.10.6.15 netmask 255.255.255.255 0 0
static (outside,DMZ) 172.16.8.2 10.10.0.3 netmask 255.255.255.255 0 0

route outside 0.0.0.0 0.0.0.0 66.155.209.97 1
route inside 10.10.1.0 255.255.255.0 10.10.6.2 1
route inside 10.10.3.0 255.255.255.0 10.10.6.2 1
route inside 10.10.5.0 255.255.255.0 10.10.6.2 1
route inside 10.10.7.0 255.255.255.0 10.10.6.2 1

conduit permit tcp any eq ftp host 10.10.0.3
conduit permit tcp any eq ssh host 10.10.0.3
conduit permit tcp any eq telnet host 10.10.0.3
conduit permit tcp any eq 8443 host 10.10.0.3
conduit permit icmp any host 10.10.0.3
conduit permit tcp any host 10.10.0.3
conduit permit icmp any host 10.10.0.1
conduit permit tcp any eq https host 10.10.0.3
conduit permit tcp any eq 10113 host 10.10.0.3
conduit permit tcp host 172.168.8.3 eq 10.10.0.3
conduit permit tcp host 172.168.8.3 eq https host 10.10.0.3
conduit permit tcp host 172.168.8.3 eq 8443 host 10.10.0.3
conduit permit tcp host 172.168.8.3 eq 10113 host 10.10.0.3
 
Sort by date Sort by votes
My mistake on the config, Sorry:


global (outside) 1 172.16.8.2
global (DMZ) 1 10.10.0.100-10.10.0.150
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ) 1 10.10.0.0 255.255.255.0 0 0
static (inside,DMZ) 10.10.6.0 10.10.6.0 netmask 255.255.255.0 0 0
static (inside,outside) 172.16.8.4 10.10.6.2 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.8.6 10.10.6.4 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.8.10 10.10.6.10 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.8.12 10.10.6.12 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.8.5 10.10.6.5 netmask 255.255.255.255 0 0
static (inside,outside) 172.16.8.15 10.10.6.15 netmask 255.255.255.255 0 0
static (outside,DMZ) 172.16.8.3 10.10.0.3 netmask 255.255.255.255 0 0

route outside 0.0.0.0 0.0.0.0 66.155.209.97 1
route inside 10.10.1.0 255.255.255.0 10.10.6.2 1
route inside 10.10.3.0 255.255.255.0 10.10.6.2 1
route inside 10.10.5.0 255.255.255.0 10.10.6.2 1
route inside 10.10.7.0 255.255.255.0 10.10.6.2 1

conduit permit tcp any eq ftp host 10.10.0.3
conduit permit tcp any eq ssh host 10.10.0.3
conduit permit tcp any eq telnet host 10.10.0.3
conduit permit tcp any eq 8443 host 10.10.0.3
conduit permit icmp any host 10.10.0.3
conduit permit tcp any host 10.10.0.3
conduit permit icmp any host 10.10.0.1
conduit permit tcp any eq https host 10.10.0.3
conduit permit tcp any eq 10113 host 10.10.0.3
conduit permit tcp host 172.168.8.3 eq 10.10.0.3
conduit permit tcp host 172.168.8.3 eq https host 10.10.0.3
conduit permit tcp host 172.168.8.3 eq 8443 host 10.10.0.3
conduit permit tcp host 172.168.8.3 eq 10113 host 10.10.0.3
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
985
Shmid
Shmid
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
223
Russtoleum
Russtoleum
AllenH12
  • Locked
  • Question
Bandwidth in Cisco ASA 5505
Replies
2
Views
445
AllenH12
AllenH12
sudhakar346
  • Locked
  • Question
Cisco ASA inside to DMZ issue over public IP
Replies
2
Views
252
kythri
kythri
Garbear
  • Locked
  • Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
224
Garbear
Garbear

Part and Inventory Search

Sponsor

Back
Top