Re: [fw-wiz] PIX 520 - control traffic between DMZ and inside devices
From: Miha Vitorovic (miha@nil.si)
Date: 12/17/02
- Maybe in reply to: Eye Am: "[fw-wiz] PIX 520 - control traffic between DMZ and inside devices"
To: "Eye Am" <eyeam@optonline.net>
From: "Miha Vitorovic" <miha@nil.si>
Date: Tue Dec 17 08:17:43 2002
Hi,
It is hard to tell you what is wrong w/o seeing the config, but:
>Here's my quandary: The webserver also needs to be limited to port 1433, TCP
>and UDP, to a specific MSSQL server on the inside and all traffic may flow
>on all ports to another computer on the inside. How do I control traffic
>between DMZ and inside devices?
To get to inside from DMZ you will need:
- static mappings of the inside devices (may be set to something like "static (inside,DMZ) <translated address [global]> <inside address [local]> netmask 255.255.255.255" if you need an entire [range of] network[s])
- set the appropriate ACLs on the DMZ interface
- set the routes for the inside networks (the ones that are not directly connected to the inside interface)
- set appropriate fixups if needed
- clear xlat
- hope for the best ;-)
---
Miha Vitorovic
Inženir v tehničnem področju
Customer Support Engineer
NIL Data Communications, Einspielerjeva 6, 1000 Ljubljana, Slovenia
Phone +386 1 4746 500
Fax +386 1 4746 501
http://www.NIL.si
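The steps in the reply above, written out as a PIX 6.x configuration fragment for the scenario in the quoted question. This is an added example, not part of the original message: every address, the ACL name `dmz_in`, and the remote inside network are constructed placeholders, and the interface name `DMZ` is taken from the reply.

```text
: Constructed addressing (assumptions, not from the thread):
:   DMZ web server        172.16.1.5
:   inside MSSQL server   192.168.1.10
:   inside "all ports"    192.168.1.20
:   remote inside net     10.2.0.0/16 behind inside router 192.168.1.1

: 1. Static mappings so the DMZ can address the inside hosts.
:    Mapping each host to its own address keeps the inside addressing
:    visible in the DMZ; /32 masks expose only these two hosts.
static (inside,DMZ) 192.168.1.10 192.168.1.10 netmask 255.255.255.255
static (inside,DMZ) 192.168.1.20 192.168.1.20 netmask 255.255.255.255

: 2. ACL on the DMZ interface, inbound.
:    Web server -> MSSQL server: port 1433 only, TCP and UDP.
access-list dmz_in permit tcp host 172.16.1.5 host 192.168.1.10 eq 1433
access-list dmz_in permit udp host 172.16.1.5 host 192.168.1.10 eq 1433
:    Web server -> second inside host: all ports, as the question asks.
access-list dmz_in permit ip host 172.16.1.5 host 192.168.1.20
:    Everything else from the DMZ hits the implicit deny at the end of
:    the list. That includes DMZ-to-outside traffic, which was allowed
:    by default before an ACL was bound to this interface, so add
:    explicit permits for any outbound flows the DMZ still needs.
access-group dmz_in in interface DMZ

: 3. Route for inside networks not directly connected to the PIX.
route inside 10.2.0.0 255.255.0.0 192.168.1.1 1

: 4. Flush existing translations so the new statics take effect.
clear xlate
```

Checking `show access-list dmz_in` after a test connection shows per-line hit counts, which confirms whether the 1433 entries or the implicit deny are matching.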