Hi
I have a problem with a Cisco PIX 515DMZ configuration.
I have a Cisco PIX 515DMZ with 3 interfaces: one for the internal LAN, one for the DMZ, and one for external.
- the LAN PCs are able to go outside on the Internet (yahoo,.....)
- but the mail server in the DMZ is not reachable from outside and can't send data to other mail servers on the Internet
- the mail server can't ping the router or anything on the Internet
- people on the LAN can't check and send mail from the mail server, but they can ping the mail server from the LAN.
Here is my config:
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
........................................
names
name 10.0.0.4 mail
.....................................
access-list ping_acl permit icmp any any
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host a.b.c.X eq domain
access-list acl_out permit tcp any host a.b.c.Y eq domain
access-list acl_out permit tcp any host a.b.c.98 eq smtp
....................
ip address outside a.b.c.99 255.255.255.255.248
ip address inside 192.168.0.2 255.255.255.0
ip address dmz 10.0.0.2 255.255.0.0
.......................
global (outside) 1 a.b.c.100-a.b.c.101
global (outside) 1 a.b.c.102
global (dmz) 1 10.0.0.5-10.0.0.254
nat (inside) 1 192.168.0.0 255.255.255.0 0 0
nat (dmz) 1 10.0.0.0 255.255.0.0 0 0
static (dmz,outside) a.b.c.98 mail netmask 255.255.255.255 0 0
access-group acl_out in interface outside
access-group ping_acl in interface dmz
route outside 0.0.0.0 0.0.0.0 a.b.c.97 1
Help.
regards,
Souleymane