DMZ users access to internal web sites

Status
Not open for further replies.

don1907

IS-IT--Management
Dec 14, 2006
33
US
I have WiFi users using an access point on our DMZ. The users are stating they cannot access our web site or SharePoint portal on the internal network. They can access the sites if off site. What rules or access lists need to be set up for this configuration?
 
You need to do the following:
1) Create an ACL and apply it inbound on the DMZ interface to allow access to the resources necessary. Be very careful with how you do this as you may inadvertently open up more ports than you want.
2) Configure NAT exemption to allow the DMZ hosts to access the internal network without being NATed.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
I have attached a sanitized version of the pix. Can you advise what needs to be added.....new with this device

PIX Version 6.3(3)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security4
enable password 5AazmePNQ8pICi2X encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname epa515
domain-name eastportanalytics.com
clock timezone est -5
no fixup protocol dns
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group network EPA_www
description All servers providing to the outside
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
object-group network EPA_https
description All servers providing HTTPS services to the outside
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
object-group network EPA_smtp
description All servers providing SMTP services to the outside
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
object-group network EPA_dns
description All servers providing DNS services to the outside
network-object host 66.173.204.xxx
network-object host 66.173.204.xxx
object-group network EPA_cavtel_dns
description Cavtel External DNS servers used for Zone Transfer
network-object host 216.220.40.xxx
network-object host 64.39.29.xxx
network-object host 216.220.40.xxx
network-object host 209.200.131.x
network-object host 66.225.199.xx
network-object host 216.246.59.xxx
network-object 205.210.42.0 255.255.255.0
network-object 216.220.40.240 255.255.255.240
network-object 209.200.131.0 255.255.255.0
network-object 209.200.151.0 255.255.255.0
network-object 209.200.177.0 255.255.255.0
network-object 209.200.141.0 255.255.255.0
network-object 66.252.1.10 255.255.255.255
network-object 205.234.220.154 255.255.255.255
network-object 205.234.220.146 255.255.255.255
network-object 205.234.160.98 255.255.255.255
network-object 64.202.104.250 255.255.255.255
network-object 206.223.184.240 255.255.255.240
network-object 216.246.59.82 255.255.255.255
object-group network EPA_https_real
description All servers providing HTTPS services to the outside
network-object 192.168.30.xx 255.255.255.255
network-object 192.168.30.xx 255.255.255.255
object-group network EPA_dns_real
description All servers providing DNS services to the outside
network-object 172.16.250.xx 255.255.255.255
network-object 172.16.250.xx 255.255.255.255
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host 66.173.204.xxx eq https
access-list acl_out permit tcp any host 66.173.204.xxx eq www
access-list acl_out permit tcp any host 66.173.204.xxx eq smtp
access-list acl_out permit tcp any host 66.173.204.xxx eq https
access-list acl_out permit tcp any host 66.173.204.xxx eq www
access-list acl_out permit tcp any host 66.173.204.xxx eq www
access-list acl_out permit tcp any host 66.173.204.xxx eq www
access-list acl_out permit tcp any host 66.173.204.xxx eq www
access-list acl_out permit udp any host 66.173.204.xxx eq domain
access-list acl_out permit tcp any host 66.173.204.xxx eq ftp
access-list 88 permit ip 192.168.20.x 255.255.255.0 192.168.5.x 255.255.255.0
access-list 88 permit ip 192.168.25.x 255.255.255.0 192.168.5.x 255.255.255.0
access-list 88 permit ip 192.168.30.x 255.255.255.0 192.168.5.x 255.255.255.0
access-list 88 permit ip 192.168.40.x 255.255.255.0 192.168.5.x 255.255.255.0
access-list 88 permit ip 192.168.10.x 255.255.255.0 192.168.5.x 255.255.255.0
access-list 88 permit ip 192.168.20.x 255.255.255.0 192.168.6.x 255.255.255.0
access-list 88 permit ip 192.168.30.x 255.255.255.0 192.168.6.x 255.255.255.0
access-list 88 permit ip 192.168.40.x 255.255.255.0 192.168.6.x 255.255.255.0
access-list VPNAdmins_splitTunnelAcl permit ip 192.168.10.x 255.255.255.0 any
access-list VPNAdmins_splitTunnelAcl permit ip 192.168.20.x 255.255.255.0 any
access-list VPNAdmins_splitTunnelAcl permit ip 192.168.30.x 255.255.255.0 any
access-list VPNAdmins_splitTunnelAcl permit ip 192.168.40.x 255.255.255.0 any
access-list VPNAdmins_splitTunnelAcl permit ip 172.16.250.x 255.255.255.0 any
access-list DMZ_outbound_nat0_acl permit ip 172.16.250.x0 255.255.255.0 192.168.5.x 255.255.255.0
access-list outside_cryptomap_dyn_20 permit ip any 192.168.5.x 255.255.255.0
access-list DMZ_cryptomap_dyn_20 permit ip any 192.168.5.x 255.255.255.0
access-list VPNDmz_splitTunnelAcl permit ip 192.168.10.x 255.255.255.0 any
access-list VPNDmz_splitTunnelAcl permit ip 192.168.20.x 255.255.255.0 any
access-list VPNDmz_splitTunnelAcl permit ip 192.168.30.x 255.255.255.0 any
access-list VPNDmz_splitTunnelAcl permit ip 192.168.40.x 255.255.255.0 any
access-list VPNUsers_splitTunnelAcl_1 permit ip 192.168.10.x 255.255.255.0 any
access-list VPNUsers_splitTunnelAcl_1 permit ip 192.168.20.x 255.255.255.0 any
access-list VPNUsers_splitTunnelAcl_1 permit ip 192.168.30.x 255.255.255.0 any
access-list VPNUsers_splitTunnelAcl_1 permit ip 192.168.40.x 255.255.255.0 any
access-list VPNUsers_splitTunnelAcl_1 permit ip 172.16.250.x 255.255.255.0 any
access-list outside_cryptomap_dyn_40 permit ip any 192.168.5.x 255.255.255.0
access-list outside_cryptomap_dyn_60 permit ip any 192.168.5.x 255.255.255.0
access-list DMZ_inside permit tcp host 172.16.250.xx eq 20031 host 192.168.30.xx eq 20031
access-list DMZ_inside permit udp host 172.16.250.xx eq 20031 host 192.168.30.xx eq 20031
access-list DMZ_inside permit tcp host 172.16.250.xx eq 20031 host 192.168.30.xx eq 20031
access-list DMZ_inside permit udp host 172.16.250.xx eq 20031 host 192.168.30.xx eq 20031
access-list DMZ_inside permit udp host 172.16.250.xx host 192.168.30.xx range 20050 20070
access-list DMZ_inside permit udp host 172.16.250.xx host 192.168.30.xx range 20050 20070
access-list DMZ_inside permit tcp host 172.16.250.xx host 192.168.30.xx range 20031 20050
access-list DMZ_inside permit tcp host 172.16.250.xx host 192.168.30.xx range 20031 20050
access-list DMZ_inside permit tcp host 172.16.250.xx host 192.168.30.xx eq smtp
access-list DMZ_inside permit tcp host 172.16.250.xx host 192.168.30.xx eq smtp
access-list DMZ_inside permit tcp host 172.16.250.xx host 192.168.30.xx eq domain
access-list DMZ_inside permit tcp host 172.16.250.xx host 192.168.30.xx eq domain
access-list DMZ_inside permit udp host 172.16.250.xx host 192.168.30.xx eq domain
access-list DMZ_inside permit udp host 172.16.250.xx host 64.83.1.xx eq domain
access-list DMZ_inside permit udp host 172.16.250.xx host 64.83.0.1xx eq domain
access-list DMZ_inside permit ip 172.16.250.x 255.255.255.0 192.168.5.x 255.255.255.0
access-list DMZ_inside permit ip host 172.16.250.xxx host 172.16.250.x
access-list DMZ_inside permit ip host 172.16.250.xxx host 172.16.250.x
access-list DMZ_inside permit ip 172.16.253.x 255.255.255.248 host 172.16.250.x
access-list DMZ_inside permit ip 172.16.253.xx 255.255.255.248 host 172.16.250.x
access-list DMZ_inside deny ip 172.16.253.x 255.255.255.248 192.168.10.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.253.x 255.255.255.248 192.168.20.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.253.x 255.255.255.248 192.168.30.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.253.x 255.255.255.248 192.168.40.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.253.xx 255.255.255.248 192.168.10.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.253.xx 255.255.255.248 192.168.20.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.253.xx 255.255.255.248 192.168.30.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.253.xx 255.255.255.248 192.168.40.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.250.x 255.255.255.0 192.168.10.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.250.x 255.255.255.0 192.168.20.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.250.x 255.255.255.0 192.168.30.x 255.255.255.0
access-list DMZ_inside deny ip 172.16.250.x 255.255.255.0 192.168.40.x 255.255.255.0
access-list DMZ_inside permit ip 172.16.253.x 255.255.255.248 any
access-list DMZ_inside permit ip 172.16.253.xx 255.255.255.248 any
access-list DMZ_inside permit ip 172.16.250.x 255.255.255.0 any
access-list VPNConsult_splitTunnelAcl_1 permit ip 192.168.10.x 255.255.255.0 any
access-list VPNConsult_splitTunnelAcl_1 permit ip 192.168.20.x 255.255.255.0 any
access-list VPNConsult_splitTunnelAcl_1 permit ip 192.168.40.x 255.255.255.0 any
access-list VPNConsult_splitTunnelAcl_1 permit ip 172.16.250.x 255.255.255.0 any
access-list acl_outside permit tcp any object-group EPA_ www
access-list acl_outside permit tcp any object-group EPA_https eq https
access-list acl_outside permit tcp any object-group EPA_smtp eq smtp
access-list acl_outside permit udp any object-group EPA_dns eq domain
access-list acl_outside permit tcp object-group EPA_cavtel_dns object-group EPA_dns eq domain
access-list acl_outside permit udp object-group EPA_cavtel_dns object-group EPA_dns eq domain
access-list acl_outside permit tcp any host 66.173.204.xxx eq ftp
access-list acl_outside permit tcp any host 66.173.204.xxx eq https
access-list acl_outside permit tcp any host 66.173.204.xxx eq 993
access-list acl_outside permit tcp any host 66.173.204.xxx eq imap4
access-list 109 permit tcp any object-group EPA_dns eq domain
access-list 109 permit udp any object-group EPA_dns eq domain
pager lines 24
logging on
logging buffered errors
icmp deny any outside
icmp permit any DMZ
mtu outside 1800
mtu inside 1800
mtu DMZ 1500
ip address outside 66.173.xxx.210 255.255.255.xxx
ip address inside 172.16.251.x 255.255.255.xxx
ip address DMZ 172.16.250.x 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool EPANatPool 192.168.5.xx-192.168.5.xxx
ip local pool EPAPPTP 192.168.6.xx-192.168.6.xxx
pdm location 192.168.20.xxx 255.255.255.255 inside
pdm location 192.168.20.x 255.255.255.0 inside
pdm location 192.168.40.x 255.255.255.0 inside
pdm location 192.168.30.xx 255.255.255.255 inside
pdm location 192.168.0.x 255.255.0.0 inside
pdm location 10.10.11.xxx 255.255.255.255 outside
pdm location 172.16.250.xx 255.255.255.255 DMZ
pdm location 24.53.142.xx 255.255.255.255 outside
pdm location 192.168.25.x 255.255.255.0 inside
pdm location 192.168.30.x 255.255.255.0 inside
pdm location 192.168.40.xx 255.255.255.255 inside
pdm location 192.168.25.xx 255.255.255.255 inside
pdm location 192.168.30.xx 255.255.255.255 inside
pdm location 192.168.10.x 255.255.255.0 inside
pdm location 172.16.250.xx 255.255.255.255 DMZ
pdm location 172.16.250.xx 255.255.255.255 DMZ
pdm location 192.168.5.x 255.255.255.0 inside
pdm location 207.196.42.x 255.255.255.0 outside
pdm location 207.196.62.x 255.255.255.0 outside
pdm location 192.168.40.xx 255.255.255.255 inside
pdm location 172.16.250.xx 255.255.255.255 DMZ
pdm location 172.16.250.xx 255.255.255.255 DMZ
pdm location 172.16.250.xx 255.255.255.255 DMZ
pdm location 172.16.250.xxx 255.255.255.255 DMZ
pdm location 172.16.250.xxx 255.255.255.255 DMZ
pdm location 172.16.253.x 255.255.255.248 DMZ
pdm location 172.16.253.xx 255.255.255.248 DMZ
pdm location 64.39.29.xxx 255.255.255.255 outside
pdm location 216.220.40.xxx 255.255.255.255 outside
pdm location 216.220.40.xxx 255.255.255.255 outside
pdm location 209.200.131.x 255.255.255.255 outside
pdm location 192.168.30.xx 255.255.255.255 inside
pdm location 64.202.104.xxx 255.255.255.255 outside
pdm location 66.225.199.xx 255.255.255.255 outside
pdm location 66.252.1.xx 255.255.255.255 outside
pdm location 205.210.42.x 255.255.255.0 outside
pdm location 205.234.160.xx 255.255.255.255 outside
pdm location 205.234.220.xxx 255.255.255.255 outside
pdm location 205.234.220.xxx 255.255.255.255 outside
pdm location 206.223.184.xxx 255.255.255.240 outside
pdm location 209.200.131.x 255.255.255.0 outside
pdm location 209.200.141.x 255.255.255.0 outside
pdm location 209.200.151.x 255.255.255.0 outside
pdm location 209.200.177.x 255.255.255.0 outside
pdm location 216.220.40.xxx 255.255.255.240 outside
pdm location 216.246.59.xx 255.255.255.255 outside
pdm location 216.246.59.xx 255.255.255.255 outside
pdm group EPA_https_real inside
pdm group EPA_dns_real DMZ
pdm group EPA_https outside reference EPA_https_real
pdm group EPA_dns outside reference EPA_dns_real
pdm group EPA_cavtel_dns outside
pdm history enable
arp timeout 14400
global (outside) 1 66.173.204.xxx netmask 255.255.255.xxx
global (outside) 2 66.173.204.xxx netmask 255.255.255.xxx
nat (inside) 0 access-list 88
nat (inside) 2 192.168.10.0 255.255.255.0 0 0
nat (inside) 2 192.168.20.0 255.255.255.0 0 0
nat (inside) 2 192.168.30.0 255.255.255.0 0 0
nat (inside) 1 192.168.40.0 255.255.255.0 0 0
nat (DMZ) 0 access-list DMZ_outbound_nat0_acl
nat (DMZ) 1 172.16.250.0 255.255.255.0 0 0
static (DMZ,outside) tcp 66.173.204.xxx smtp 172.16.250.xx smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 66.173.204.xxx 8090 netmask 255.255.255.255 0 0
static (inside,outside) 66.173.204.xxx 192.168.30.xx netmask 255.255.255.255 0 0
static (inside,DMZ) 192.168.40.x 192.168.40.x netmask 255.255.255.0 0 0
static (inside,DMZ) 192.168.20.x 192.168.20.x netmask 255.255.255.0 0 0
static (inside,DMZ) 192.168.30.x 192.168.30.x netmask 255.255.255.0 0 0
static (DMZ,inside) 172.16.250.x 172.16.250.x netmask 255.255.255.0 0 0
static (DMZ,outside) 66.173.204.xxx 172.16.250.xx netmask 255.255.255.255 0 0
static (DMZ,outside) 66.173.204.xxx 172.16.250.xx netmask 255.255.255.255 0 0
static (DMZ,outside) 66.173.204.xxx 172.16.250.xx netmask 255.255.255.255 0 0
static (DMZ,outside) 66.173.204.xxx 172.16.250.xx netmask 255.255.255.255 0 0
static (DMZ,outside) 66.173.204.xxx 172.16.250.xx netmask 255.255.255.255 0 0
static (inside,outside) 66.173.204.xxx 192.168.30.xx netmask 255.255.255.255 0 0
access-group acl_outside in interface outside
access-group DMZ_inside in interface DMZ
route outside 0.0.0.0 0.0.0.0 66.173.204.xxx 1
route inside 192.168.0.x 255.255.0.0 172.16.251.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 3:00:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server EPA-RADIUS protocol radius
aaa-server EPA-RADIUS (inside) host xxx.xxx.xx.xx p1xrad1u5 timeout 10
aaa authentication ssh console LOCAL
http server enable
http 24.53.142.xx 255.255.255.255 outside
http 207.196.42.x 255.255.255.0 outside
http 207.196.62.x 255.255.255.0 outside
http 192.168.40.xx 255.255.255.255 inside
http 192.168.30.x 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
tftp-server inside 192.168.40.xx /cisco/pix/
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
sysopt connection permit-l2tp
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-MD5
crypto dynamic-map DMZ_dyn_map 20 match address DMZ_cryptomap_dyn_20
crypto dynamic-map DMZ_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication EPA-RADIUS
crypto map outside_map interface outside
crypto map DMZ_map 65535 ipsec-isakmp dynamic DMZ_dyn_map
crypto map DMZ_map client authentication EPA-RADIUS
crypto map DMZ_map interface DMZ
crypto map ouside_map client configuration address initiate
crypto map ouside_map client configuration address respond
isakmp enable outside
isakmp enable DMZ
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup VPNAdmins address-pool EPANatPool
vpngroup VPNAdmins dns-server 192.168.30.xx 192.168.30.xx
vpngroup VPNAdmins wins-server 192.168.30.xx 192.168.30.xx
vpngroup VPNAdmins default-domain eastportanalytics.com
vpngroup VPNAdmins split-tunnel VPNAdmins_splitTunnelAcl
vpngroup VPNAdmins pfs
vpngroup VPNAdmins idle-time 1800
vpngroup VPNAdmins password ********
vpngroup VPNUsers address-pool EPANatPool
vpngroup VPNUsers dns-server 192.168.30.xx 192.168.30.xx
vpngroup VPNUsers wins-server 192.168.30.xx 192.168.30.xx
vpngroup VPNUsers default-domain eastportanalytics.com
vpngroup VPNUsers split-tunnel VPNUsers_splitTunnelAcl_1
vpngroup VPNUsers idle-time 1800
vpngroup VPNUsers password ********
vpngroup VPNDmz address-pool EPANatPool
vpngroup VPNDmz dns-server 192.168.30.xx 192.168.30.xx
vpngroup VPNDmz wins-server 192.168.30.xx 192.168.30.xx
vpngroup VPNDmz default-domain eastportanalytics.com
vpngroup VPNDmz split-tunnel VPNDmz_splitTunnelAcl
vpngroup VPNDmz idle-time 1800
vpngroup VPNDmz password ********
vpngroup VPNConsult address-pool EPANatPool
vpngroup VPNConsult dns-server 192.168.30.xx 192.168.30.xx
vpngroup VPNConsult wins-server 192.168.30.xx 192.168.30.xx
vpngroup VPNConsult default-domain eastportanalytics.com
vpngroup VPNConsult split-tunnel VPNConsult_splitTunnelAcl_1
vpngroup VPNConsult idle-time 1800
vpngroup VPNConsult password ********
telnet timeout 5
ssh 24.53.142.xx 255.255.255.255 outside
ssh 207.196.42.x 255.255.255.0 outside
ssh 207.196.62.x 255.255.255.0 outside
ssh 207.196.62.x 255.255.255.0 outside
ssh 192.168.40.xx 255.255.255.255 inside
ssh 192.168.30.x 255.255.255.0 inside
ssh timeout 60
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local EPAPPTP
vpdn group PPTP-VPDN-GROUP client configuration dns 192.168.30.xx 192.168.30.xx
vpdn group PPTP-VPDN-GROUP client configuration wins 192.168.30.xx 192.168.30.xx
vpdn group PPTP-VPDN-GROUP client authentication aaa EPA-RADIUS
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn username krislocal password *********
vpdn username mark password *********
vpdn enable outside
username x password yMrlb7CTm2FgGo/c encrypted privilege 15
username x password sAL0w4P0sIQYI/Vu encrypted privilege 15
username x password MlcQgCHOwjYegMdh encrypted privilege 15
terminal width 80
Cryptochecksum:822acabc21fff0a71502023badcbdf47
: end
 
What are the IPs of the web servers??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Add this entry to your DMZ_outbound_nat0_acl:
Code:
access-list DMZ_outbound_nat0_acl permit ip 172.16.250.0 255.255.255.0 192.168.30.0 255.255.255.0
Add this entry to your DMZ_inside:
Code:
access-list DMZ_inside line 16 permit tcp 172.16.250.0 255.255.255.0 host 192.168.30.20 eq www

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
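
Why the `line` keyword in the reply above matters, as an added example that is not part of the original thread: the PIX acts on the first matching entry, and an `access-list` command without `line` is appended after the existing entries, including the `deny ip ... 192.168.30.x` lines in the posted `DMZ_inside`. The Python sketch models only a small subset of PIX 6.3 ACL syntax, and the host and client addresses in it are constructed because the posted config is sanitized.

```python
import ipaddress
from collections import namedtuple
Ace = namedtuple("Ace", "action proto src dst port")
PORTS = {"www": 80, "smtp": 25, "domain": 53, "https": 443}

def _net(t):
    """Consume one PIX address spec: 'any', 'host A' or 'A MASK'."""
    if t[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), t[1:]
    if t[0] == "host":
        return ipaddress.ip_network(t[1] + "/32"), t[2:]
    return ipaddress.ip_network(f"{t[0]}/{t[1]}"), t[2:]

def add_entry(acl, command):
    """Apply one 'access-list NAME [line N] ...' command to a list of Ace."""
    t = command.split()[2:]              # drop 'access-list NAME'
    pos = len(acl)                       # no 'line': entry goes to the end
    if t[0] == "line":
        pos, t = int(t[1]) - 1, t[2:]    # 'line N': entry becomes number N
    action, proto, t = t[0], t[1], t[2:]
    src, t = _net(t)
    dst, t = _net(t)
    port = None
    if t and t[0] == "eq":
        port = PORTS.get(t[1]) or int(t[1])
    acl.insert(pos, Ace(action, proto, src, dst, port))

def first_match(acl, proto, src, dst, port):
    """Return (entry number, action) for the first entry the packet matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, ace in enumerate(acl, start=1):
        if ace.proto in ("ip", proto) and s in ace.src and d in ace.dst \
                and ace.port in (None, port):
            return n, ace.action
    return None, "deny"                  # implicit deny ends every ACL

# Constructed miniature of DMZ_inside; host addresses are assumptions because
# the posted config is sanitized.
BASE = [
    "access-list DMZ_inside permit tcp host 172.16.250.10 host 192.168.30.10 eq smtp",
    "access-list DMZ_inside deny ip 172.16.250.0 255.255.255.0 192.168.30.0 255.255.255.0",
    "access-list DMZ_inside permit ip 172.16.250.0 255.255.255.0 any",
]
NEW = "permit tcp 172.16.250.0 255.255.255.0 host 192.168.30.20 eq www"

def build(new_command):
    acl = []
    for cmd in BASE + [new_command]:
        add_entry(acl, cmd)
    return acl

def demo():
    client, web = "172.16.250.50", "192.168.30.20"   # constructed client
    appended = build("access-list DMZ_inside " + NEW)
    inserted = build("access-list DMZ_inside line 2 " + NEW)
    return {
        "appended, tcp/80": first_match(appended, "tcp", client, web, 80),
        "line 2, tcp/80": first_match(inserted, "tcp", client, web, 80),
        "line 2, tcp/445": first_match(inserted, "tcp", client, web, 445),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

In the posted `DMZ_inside` list, `line 16` plays the role of `line 2` here: it places the permit ahead of the `deny ip` entries for 192.168.30.x, while the port-specific match keeps every other port to that host denied.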
 
I looked at the IP configuration of the WiFi client on the DMZ. He gets an IP of 172.16.253.x..... My DNS servers, where he gets his info, are on the outside at Cavalier. Those DNS servers give the IP of 66.173.204.213 for the web site.

I added,

access-list DMZ_outbound_nat0_acl permit ip 172.16.253.0 255.255.255.0 192.168.30.0 255.255.255.0

access-list DMZ_inside permit tcp 172.16.253.0 255.255.255.0 host 192.168.30.20 eq www

But I still cannot resolve to from the DMZ wifi client
 
Try this:
Code:
alias (dmz) 66.173.204.213 192.168.30.20 255.255.255.255



I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 