VDS

Apr 13 2020


Dmz host

Traffic from DMZ issue (PIX Firewall)

1> Host in the DMZ cannot browse the internet
2> Traffic doesn't pass from DMZ to inside and inside to DMZ

*********************************************
1> Traffic hits the DMZ host
2> from inside network I am able to ping the DMZ host
3> From PIX I am able to ping the inside PC and DMZ Host
4> From DMZ Host I am able to ping the PIX
5> From DMZ Host I am able to telnet smtp server on Internet
*********************************************

I have the following configuration.

My requirements are:

Outside ( INTERNET ) should be able to access SMTPServer
SMTPServer in DMZ should be able to communicate with Outside(Internet) on port 25,8080,80,dns
SMTPServer in DMZ should be able to communicate with inside on port 25,8080,80,dns

Outside ( INTERNET ) should be able to access WebServer
WebServer in DMZ should be able to communicate with Outside(Internet) on port 8080,80,dns
WebServer in DMZ should be able to communicate with inside on port 25,8080,80,dns

SmtpServer in DMZ
host ip 10.1.1.2

WebServer in DMZ
host IP 10.1.1.3

ip address outside 150.153.1.1
ip address inside 192.168.1.100 255.255.255.0
ip address DMZ 10.1.1.1 255.255.255.0

nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security50

access-group 101 in interface outside
access-group 100 in interface inside
access-group 102 in interface DMZ

static (DMZ,outside) 150.153.1.5 10.1.1.2 netmask 255.255.255.255 0 0
static (DMZ,outside) 150.153.1.6 10.1.1.3 netmask 255.255.255.255 0 0

static (DMZ,inside) 192.168.1.100 10.1.1.2 netmask 255.255.255.255 0 0
static (DMZ,inside) 192.168.1.101 10.1.1.3 netmask 255.255.255.255 0 0

static (inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
static (inside,DMZ) 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0
static (inside,DMZ) 192.168.5.0 192.168.5.0 netmask 255.255.255.0 0 0

——————-ACCESS-LIST for Inside Interface ——————
access-list 100 permit tcp any host 10.1.1.2 eq smtp
access-list 100 permit tcp any host 10.1.1.2 eq www
access-list 100 permit tcp any host 10.1.1.2 eq 8080
access-list 100 permit udp any host 10.1.1.2 eq domain
access-list 100 permit tcp any host 10.1.1.2 eq domain

access-list 100 permit tcp any host 10.1.1.3 eq www
access-list 100 permit tcp any host 10.1.1.3 eq 8080
access-list 100 permit tcp any host 10.1.1.3 eq 443
———————————————

——————-ACCESS-LIST for Outside Interface ——————
access-list 101 permit tcp any host 150.153.1.5 eq smtp
access-list 101 permit tcp any host 150.153.1.5 eq www
access-list 101 permit tcp any host 150.153.1.5 eq 8080
access-list 101 permit udp any host 150.153.1.5 eq domain
access-list 101 permit tcp any host 150.153.1.5 eq domain

access-list 101 permit tcp any host 150.153.1.6 eq www
access-list 101 permit tcp any host 150.153.1.6 eq 8080
access-list 101 permit tcp any host 150.153.1.6 eq 443
———————————————

–ACCESS-LIST for DMZ Interface ————-
access-list 102 permit tcp 10.1.1.3 any eq smtp
access-list 102 permit tcp 10.1.1.3 any eq 8080
access-list 102 permit tcp 10.1.1.3 any eq 80
access-list 102 permit tcp 10.1.1.3 any eq domain
access-list 102 permit udp 10.1.1.3 any eq domain
———————————————

Still Myself

1. How many hosts are there in your DMZ?
2. Are they in a separate subnetwork?
3. Have you done the NAT? Static or dynamic NAT? Try individually.
4. From outside to your DMZ you would have assigned the routing in the WAN-side router and also in the firewall, but have you configured any routing in the firewall for your DMZ host to reach the internet?
5. Basically, why have you put the host in the DMZ?
6. Are you able to ping the WAN router's ethernet port (which is attached to the firewall's external address)?
7. Ping any web site by its name. Ex: ping yahoo.com
8. Try finding any one IP address of yahoo.com and try pinging that IP address.
9. Check your browser settings and DNS.
10. What is the gateway you have assigned in your DMZ hosts?

Please check the above and come back to me.

Thanks and Regards,


S.VENKATARAMAN,

Hi,
Could you please explain why you are doing the static mappings below?

static (DMZ,inside) 192.168.1.100 10.1.1.2 netmask 255.255.255.255 0 0
static (DMZ,inside) 192.168.1.101 10.1.1.3 netmask 255.255.255.255 0 0

static (inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
static (inside,DMZ) 192.168.2.0 192.168.2.0 netmask 255.255.255.0 0 0
static (inside,DMZ) 192.168.5.0 192.168.5.0 netmask 255.255.255.0 0 0

I think there is no need for these mappings.
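
An added example (not part of the thread and not a Cisco tool): a small Python check that evaluates ACL 102 from the original post the way an interface ACL is processed, first match wins and anything unmatched hits the implicit deny, against the flows the poster requires from both DMZ hosts. The destination 198.51.100.10 is a constructed address, and reading the bare `10.1.1.3` source as a single host is an assumption.

```python
import ipaddress

# ACL 102 exactly as posted in the thread (bound inbound on the DMZ interface).
ACL_102 = """\
access-list 102 permit tcp 10.1.1.3 any eq smtp
access-list 102 permit tcp 10.1.1.3 any eq 8080
access-list 102 permit tcp 10.1.1.3 any eq 80
access-list 102 permit tcp 10.1.1.3 any eq domain
access-list 102 permit udp 10.1.1.3 any eq domain
"""
PORTS = {"smtp": 25, "www": 80, "domain": 53}  # service names used on the page

def take_addr(tok):
    """Consume one address spec: 'any', 'host A', 'A MASK', or a bare 'A'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1]), tok[2:]
    if len(tok) > 1 and tok[1][0].isdigit():
        return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]
    # Assumption: a bare address, as written in the post, means that one host.
    return ipaddress.ip_network(tok[0]), tok[1:]

def parse(text):
    rules = []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        src, rest = take_addr(tok[4:])
        dst, rest = take_addr(rest)
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        rules.append((tok[2], tok[3], src, dst, port))
    return rules

def verdict(rules, proto, src, dst, port):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in (proto, "ip") and s in r_src and d in r_dst
                and r_port in (None, port)):
            return action
    return "implicit deny"

def audit():
    """Verdict for each flow the post requires from the two DMZ hosts."""
    rules, internet = parse(ACL_102), "198.51.100.10"  # constructed address
    return {(h, p, n): verdict(rules, p, h, internet, n)
            for h in ("10.1.1.2", "10.1.1.3")
            for p, n in (("tcp", 25), ("tcp", 80), ("tcp", 8080), ("udp", 53))}

if __name__ == "__main__":
    print(*(f"{f} -> {r}" for f, r in audit().items()), sep="\n")
```

ACL 102 as posted has entries only for 10.1.1.3, so every flow sourced from the SMTP server at 10.1.1.2 falls through to the implicit deny.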


SOURCE: http://networking.ittoolbox.com/groups/technical-functional/cisco-infrastructure-l/traffic-from-dmz-issue-pix-firewall-1160598


Written by admin
