Firewall Wizards mailing list archives

RE: PIX DMZ inter-access via outside IP address
From: "Keith Anderson" <keith () purescience com>
Date: Sat, 6 Dec 2003 22:41:09 -0700


As a follow-up, the problem ended up being a routing issue.  Packets
destined to the outside interface would get ignored by the router because
they were assumed to be destined for a device on that domain.  The solution
was to use non-Internet routable addresses between the PIX and the router.
Now that it has a different IP class, the router redirects those packets
back to the PIX, and communication using the Internet addresses works on all
interfaces.

Seems obvious now that it was pointed out to me.  More evidence that I need
a vacation.

I'll post the configs if anyone wants to see the finished product.

THE KILLER PROBLEM: The two servers in the DMZ CAN NOT access each other
using their public Internet addresses.  They can use their 192.168 addresses
just fine, but not their public addresses.



_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

