FW: Pix static problem

From: george gittins (g.gittins@edinburg.esc1.net)
Date: Tue Feb 11 2003 - 15:15:56 GMT-3

• Next message: Kleberg, Jason: "RE: 3550 port security w/o L2 or L3 access-list"
• Previous message: DougAtHome: "Re: Problem getting local mobility to work"
• Maybe in reply to: george gittins: "Pix static problem"
• Next in thread: balaji.balakrishnan: "Re: Pix static problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Got it

George Gittins
Network and Computer Maintenance Supervisor

-----Original Message-----
From: Clay Maney [mailto:clay@openworldinc.com]
Sent: Tuesday, February 11, 2003 12:08 PM
To: george gittins
Subject: Re: Pix static problem

I'm not sure I understand your problem... you have a PIX with
inside,outside,
and dmz interfaces, right? A webserver in the DMZ, and two DNS servers in
the inside? I *think* you're saying that you're trying to get your
DMZ-based
webserver to access your internal DNS servers... in that case, you need a
static mapping between the inside and the dmz, in addition to the static's
to the outside world (assuming you need those for some other reason).

So it'd look something like this:

static (inside,dmz) 204.158.241.249 10.16.1.249
static (inside,dmz) 204.158.241.250 10.16.1.250

Then your webserver should be able to access the dns servers...

(normally, I'd have it setup like the following:

static (inside,dmz) 10.16.1.249 10.16.1.249
static (inside,dmz) 10.16.1.250 10.16.1.250

and then have the webserver access it via the 10.16.1.X address, but
it shouldn't matter.

hth,
Clay

On Tue, Feb 11, 2003 at 11:29:33AM -0600, george gittins wrote:
> I have a problem with my pix , I have two dns servers with internal ip
that
> I set up static mappings. However the webserver on the dmz zone I can
only
> hit it via ip, so im assuming that the internal dns mappings is not
working
> when I do a show conduit statement I show no hits for my internal dns.
>
>
>
> The ip of my internal dns servers are
>
> 10.16.1.249 & 250
>
> and on the outside
>
>
>
> 204.158.241.249
>
> 204.158.241.250
>
>
>
> I place these statements
>
>
>
> Static (inside, outside) 204.158.241.250 10.16.1.249 netmask
255.255.255.255
>
> Same for the other.
>
> And a conduit statement
>
> Conduit permit 204.158.241.249 eq 53 any
>
> And no luck
>
>
>
> Any suggestions
>
>
>
>
>
> George Gittins
>
> Network and Computer Maintenance Supervisor
> .
.

• Next message: Kleberg, Jason: "RE: 3550 port security w/o L2 or L3 access-list"
• Previous message: DougAtHome: "Re: Problem getting local mobility to work"
• Maybe in reply to: george gittins: "Pix static problem"
• Next in thread: balaji.balakrishnan: "Re: Pix static problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:18 GMT-3