I have just installed a PIX firewall with three interfaces. The Inside network is 192.168.1.0 and the DMZ network is 192.168.2.0.
There are a few webservers on a dmz network that need to have access to all the servers on the inside network. Technically I am going to have to statically map each server on the inside network to an unused address on the dmz network and then open the conduit permission. For example, I have an NT server running on 192.168.1.12. In order for the webserver to connect to this box I will have to do

    static (inside,dmz) 192.168.2.12 192.168.1.12 netmask 255.255.255.255
    conduit permit tcp host 192.168.2.12 host any or 192.168.1.12

It will be very tedious and I will waste so many addresses on the dmz network in order to create a mapping entry for all the servers on the inside network. Is there any smaller way of doing it? Can I map the whole dmz network to the inside network instead of mapping each unused address to an inside address?

Abbas Ali, AVVID, CCDP, CCNP, MCSE
Network Engineer II
NextiraOne, LLC
Tel: 714.428.3367
Pager: 714.748.4817
Email: [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37893&t=37893

