or static (inside,dmz) 192.168.1.0 192.168.2.0 netmask 255.255.255.0 to treat the 2 network DMZ and inside zone in routing mode...
""Gaz"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 > > > Gaz > > ""Ali, Abbas"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have just installed a PIX firewall with three interfaces. The Inside > > network is 192.168.1.0 and the DMZ network is 192.168.2.0. > > > > There are a few webservers on a dmz network that need to have an access to > > all the servers on the inside network. Technically I am going to have to > > statically map each server on the inside netowork to an unused address on > > the dmz network and then open the conduit permission. > > > > For example, I have a NT server running on 192.168.1.12. In order for > > webserver to connect to this box I will have to to > > > > Static(inside, dmz) 192.168.2.12 192.168.1.12 netmask 255.255.255.255 > > conduit permit tcp host 192.168.2.12 host any or 192.168.1.12. > > > > I will be very tedious and I will waste so many address on a dmz network > > in an order to create mapping entry for all the servers on inside network. > > > > > > Is there any smaller way of doing it? Can I map the whole dmz network to > > inside network instead of mapping each unused address to inside address? > > > > Abbas Ali, AVVID, CCDP, CCNP, MCSE > > Network Engineer II > > NextiraOne, LLC > > Tel: 714.428.3367 > > Pager: 714.748.4817 > > Email: [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=37916&t=37893 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
