
DMZ Access from LAN2

Status
Not open for further replies.

br0ck

MIS
Apr 25, 2002
467
US
I'm having a problem moving traffic into the DMZ from the remote LAN 2.
LAN1 is fine.
I need users to be able to browse pages on the web server in the DMZ and I can't seem to get it working!?

192.168.200.x to 192.168.10.x

If I run a tracert from the remote host it is resolving to the 192.168.10.101 address, but I can't seem to get the ACLs correct to allow traffic.


Can anyone shed some light on this?

Thanks
[image: network diagram posted with the question, http://www.miamiitsupport.com/post/ttpost.jpg]


Code:
PIX 515

access-list nonat permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list nonat permit ip 192.168.200.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.200.0 255.255.255.0

access-list dmz_in permit tcp any host 192.168.100.31 eq 3389
access-list dmz_in permit tcp any host 192.168.100.31 eq citrix-ica
access-list dmz_in permit tcp any host 192.168.100.25 eq https
access-list dmz_in permit tcp host 192.168.10.100 host 192.168.100.25 eq smtp
access-list dmz_in deny ip 192.168.10.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list dmz_in permit ip any any

access-list NCVPN_list permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list NCVPN_list permit ip 192.168.10.0 255.255.255.0 192.168.200.0 255.255.255.0

Code:
PIX 501

access-list NCVPN_list permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list NCVPN_list permit ip 192.168.200.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list split permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list nonat permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list nonat permit ip 192.168.200.0 255.255.255.0 192.168.10.0 255.255.255.0
 
If the web server's gateway is not the firewall (515), you need to make sure that you add a static route which points to the firewall (515).


Hope that helps
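The two things in play above, the posted access lists and the routing on the web server itself, can both be checked offline. The following is an added example (not code from the thread or from Cisco): a small first-match evaluator for PIX 6.x `access-list` lines, run against the ACLs posted in the question, plus a longest-prefix route lookup that shows what the reply is getting at. The PIX 515 DMZ interface address (192.168.10.1), the web server's current default gateway (192.168.10.254), and the LAN2/LAN1 host addresses used in the checks are assumptions; none of them appear in the thread.

```python
"""
Added example (not from the Tek-Tips thread, not Cisco code): a first-match
evaluator for PIX 6.x 'access-list' lines plus a longest-prefix route lookup,
run against the ACLs posted above and the static-route point from the reply.
Assumptions: the PIX 515 DMZ interface is 192.168.10.1 and the web server's
current default gateway is 192.168.10.254; neither address is in the thread.
"""
import ipaddress

# Service names that appear in the posted ACLs, mapped to TCP ports.
PORT_NAMES = {"https": 443, "smtp": 25, "citrix-ica": 1494, "www": 80}

# ACL lines copied from the PIX 515 post above (the 'PIX 515' heading is skipped by the parser).
PIX515_ACLS = """
PIX 515
access-list nonat permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list nonat permit ip 192.168.200.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list dmz_in permit tcp any host 192.168.100.31 eq 3389
access-list dmz_in permit tcp any host 192.168.100.31 eq citrix-ica
access-list dmz_in permit tcp any host 192.168.100.25 eq https
access-list dmz_in permit tcp host 192.168.10.100 host 192.168.100.25 eq smtp
access-list dmz_in deny ip 192.168.10.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list dmz_in permit ip any any
access-list NCVPN_list permit ip 192.168.100.0 255.255.255.0 192.168.200.0 255.255.255.0
access-list NCVPN_list permit ip 192.168.10.0 255.255.255.0 192.168.200.0 255.255.255.0
"""

# ACL lines copied from the PIX 501 post above.
PIX501_ACLS = """
PIX 501
access-list NCVPN_list permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list NCVPN_list permit ip 192.168.200.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list split permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list nonat permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list nonat permit ip 192.168.200.0 255.255.255.0 192.168.10.0 255.255.255.0
"""

def _parse_addr(tokens):
    """Consume one PIX address spec: 'any', 'host A', or 'A MASK' (a subnet mask, not a wildcard)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_acls(text):
    """Group 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' lines by ACL name, keeping order."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue  # blank lines and headings such as 'PIX 515'
        name, action, proto = tokens[1], tokens[2], tokens[3]
        src, rest = _parse_addr(tokens[4:])
        dst, rest = _parse_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
        acls.setdefault(name, []).append((action, proto, src, dst, port))
    return acls

def acl_permits(entries, src_ip, dst_ip, proto="tcp", dport=None):
    """First matching entry wins; no match at all is the implicit deny at the end of every PIX ACL."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, e_proto, e_src, e_dst, e_port in entries:
        if e_proto not in ("ip", proto):
            continue
        if src not in e_src or dst not in e_dst:
            continue
        if e_port is not None and e_port != dport:
            continue
        return action == "permit"
    return False

def next_hop(routes, dst_ip):
    """Longest-prefix match over [(network, gateway)]: the gateway a host sends a packet to."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(net, gw) for net, gw in routes if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

# Web server routing table before and after the static route the reply suggests (addresses assumed).
DEFAULT_GW_ONLY = [(ipaddress.ip_network("0.0.0.0/0"), "192.168.10.254")]
WITH_STATIC_ROUTE = DEFAULT_GW_ONLY + [(ipaddress.ip_network("192.168.200.0/24"), "192.168.10.1")]

def evaluate(lan2_host="192.168.200.5", web_server="192.168.10.101"):
    """Walk a LAN2 -> DMZ web request and its reply through the posted ACLs and the server's routes."""
    p515, p501 = parse_acls(PIX515_ACLS), parse_acls(PIX501_ACLS)
    reply = dict(src_ip=web_server, dst_ip=lan2_host, proto="tcp", dport=1025)  # ephemeral client port
    return {
        # VPN 'interesting traffic' on both peers, request and reply
        "501_vpn_request": acl_permits(p501["NCVPN_list"], lan2_host, web_server, "tcp", 80),
        "515_vpn_reply": acl_permits(p515["NCVPN_list"], **reply),
        # NAT exemption on both peers
        "501_nonat_request": acl_permits(p501["nonat"], lan2_host, web_server, "tcp", 80),
        "515_nonat_reply": acl_permits(p515["nonat"], **reply),
        # dmz_in ordering: the reply to LAN2 falls through to 'permit ip any any',
        # while DMZ -> LAN1 (192.168.100.50 is a constructed LAN1 host) hits the deny first
        "dmz_in_reply_to_lan2": acl_permits(p515["dmz_in"], **reply),
        "dmz_in_to_lan1": acl_permits(p515["dmz_in"], web_server, "192.168.100.50", "tcp", 1025),
        # the reply's point: which gateway the web server hands its answer for 192.168.200.x to
        "reply_next_hop_without_static": next_hop(DEFAULT_GW_ONLY, lan2_host),
        "reply_next_hop_with_static": next_hop(WITH_STATIC_ROUTE, lan2_host),
    }

if __name__ == "__main__":
    for key, value in evaluate().items():
        print(f"{key:32} {value}")
```

Run as-is, `evaluate()` shows every posted ACL that the 192.168.200.x to 192.168.10.101 web flow touches returning permit in both directions, so the access lists as posted are not what blocks it; the last two entries show that with only a default gateway the web server sends its reply to 192.168.10.254 rather than to the PIX, and that the static route from the reply changes that next hop to the firewall's DMZ address. The evaluator also shows the `dmz_in` deny for 192.168.10.0/24 to 192.168.100.0/24 taking effect before `permit ip any any`, which is the first-match behaviour to keep in mind whenever lines are added to that list.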
 