Access from DMZ to Inside

[sunyasee]

Hello!

I am setting up a PIX with an internal network of 10.0.0.x with a DMZ network of 192.168.1.x. What I need to do is allow communications between a server in the DMZ and a server on the inside network, communication needs to work in both directions and needs to be restricted to just one port. What is the easiest way of doing this? Does anyone have any examples of a similar config?

Thanks

----

Sunyasee

 

[BuckWeet]

Two ways of doing it, you can do a static translation

or you can implement the nat 0 command..

 

[lgarner]

I think nat 0 would be most common in your case, though static would also work.

access-list inside_nat0 permit ip 10.0.0.0 255.x.x.x 192.168.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0

Then, an appropriate acl for dmz->inside
access-list dmz_inside permit tcp host server1 host server2 eq port
... etc. And add an acl for inside->dmz if you need it.