I have found many posts on this, but none that address the specific issue I am having.
We have configured a DMZ through our PIX 506e that has only our Web Server, FTP Server and a wireless router for internet connections. I would like to make it so that connections on the wireless router can also access our Exchange Server , which is on the network on the inside interface, using the external Domain/IP. I am able to do this without issue, but when I enable the ACL for DMZtoInside internet access from the DMZ no longer works. Here are the pertinent parts of my config:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet1 vlan2 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan2 dmz security50
access-list dmz_access_out permit tcp any any
access-list dmz_access_out permit tcp any any eq www
access-list outside_access_in tcp and (IP of Exchange server) eq www
access-list outside_access_in tcp and (IP of Exchange server) eq https
static (inside,dmz) tcp (External IP of Exchange Server) https 192.168.0.6 https netmask 255.255.255.
255 0 0
static (inside,dmz) tcp (External IP of Exchange Server) 255.255.255.255
0 0
access-group outside_access_in in interface outside
access-group dmz_access_out in interface dmz
What is puzzling to me is that DMZ is a lower security level than outside, so why would this stop working when I allow the DMZ to access specific devices on the inside?
I have no issues accessing the web and ftp servers in DMZ from the internal network using there external addresses.
Any help would be greatly appreciated, I can provide more of my config if needed. I have tried many things and this is driving me nuts
We have configured a DMZ through our PIX 506e that has only our Web Server, FTP Server and a wireless router for internet connections. I would like to make it so that connections on the wireless router can also access our Exchange Server , which is on the network on the inside interface, using the external Domain/IP. I am able to do this without issue, but when I enable the ACL for DMZtoInside internet access from the DMZ no longer works. Here are the pertinent parts of my config:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet1 vlan2 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan2 dmz security50
access-list dmz_access_out permit tcp any any
access-list dmz_access_out permit tcp any any eq www
access-list outside_access_in tcp and (IP of Exchange server) eq www
access-list outside_access_in tcp and (IP of Exchange server) eq https
static (inside,dmz) tcp (External IP of Exchange Server) https 192.168.0.6 https netmask 255.255.255.
255 0 0
static (inside,dmz) tcp (External IP of Exchange Server) 255.255.255.255
0 0
access-group outside_access_in in interface outside
access-group dmz_access_out in interface dmz
What is puzzling to me is that DMZ is a lower security level than outside, so why would this stop working when I allow the DMZ to access specific devices on the inside?
I have no issues accessing the web and ftp servers in DMZ from the internal network using there external addresses.
Any help would be greatly appreciated, I can provide more of my config if needed. I have tried many things and this is driving me nuts