From: buesink@fma.nl
Date: Mon Aug 22 2005 - 16:38:57 GMT-3
Hi there,
I have a question
I have a pix firewall with:
outside interface, dmz-1, dmz-2 and inside
on the outside there is a .255 mask with realworld ip addressing, so no rfc 1918 addresses.
on dmz-1 is private addresssing 172.16.1.0
on dmz-2 is private addressing 172.18.1.0
on inside is private adressing 172.19.1.0
From the dmz-1 dmz-2 and inside I can internet to the outside, and have access between them (using the private addresses). that's no problem, I used global / nat and static commands.
On the dmz-1 AND dmz-2 are webservers, witch are reachable from the outside, with static NAT translations.
My problem is the following:
If I am on DMZ-2 and I want to access a webserver on DMZ-1 I am NOT able to do this with the outside address of that webserver, but I can access the webserver with it's REAL address in the DMZ-1.
I want to make it work so when I'm in dmz-2 I can use both the REAL and NAT address from the webserver in DMZ-1.
The outside NAT address (set with "static" command) is reachable. from the internet I can use the outside nat address, but my problem is I can't use it from withing the dmz-2.
Does someone have an idea??
Also I'm having a hard time to debug on the pix..
I use logging monitor 7, but that's gives A LOT of info that I don't want to see, does someone know this problem?
Regards and thanks,
J.
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3