Can anyone help me with setting up this network layout with my Pix Firewall?
Network Layout : Pix > DMZ > ISA Server 2004 > Exchange Server 2003 + Users.
Pix outside IP Address : 65.77.78.47 255.255.255.0
Pix inside IP Address : 172.17.0.1 255.255.0.0
DMZ IP Address : 172.18.0.3 255.255.0.0
ISA Server outside IP : 172.18.0.2 255.255.0.0
ISA Server inside IP : 172.18.0.1 255.255.0.0
I've identified the interfaces IP Address and named all plus the following config:
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 65.77.78.1 1
I can now access the internet from my ISA Server in the DMZ zone.
I am intending to put the ISA Server out on the DMZ to access the outside world with
static (dmz,outside) 172.18.0.2 65.77.78.47 netmask 255.255.255.255 0 0
and then open all traffic to ISA with
access-list acl_out permit ip any host 65.77.78.47 255.255.255.255 any
access-group acl_out in interface outside
then I'll give ISA server access to the inside network with
access-list acl_dmz permit tcp 172.18.0.1 255.255.0.0 172.17.0.2 255.255.0.0 eq 25
access-group acl_dmz in interface dmz
With the above commands, the first access-list acl_out was not accepted by the Pix, nor was the second access-list acl_dmz, so could you please shed some light on my configuration?
Regards,
Semisi
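As an added example (not part of the original post and not Cisco code), the Python sketch below checks the two access-list lines from the post against the address forms a PIX 6.x ACL takes, assumed here to be `any`, `host IP`, or `IP MASK`, each optionally followed by a port operator. The function names and the host-form sample line are constructed for illustration; the checker simplifies the grammar and does not reproduce the PIX parser.

```python
import ipaddress

PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> port args

def take_addr(tokens, i):
    """Consume one address spec at tokens[i]: any | host IP | IP MASK."""
    if i >= len(tokens):
        raise ValueError("address expected but the line ended")
    if tokens[i] == "any":
        return i + 1, None
    if tokens[i] == "host":
        if i + 1 >= len(tokens):
            raise ValueError("'host' needs an IP address")
        ipaddress.IPv4Address(tokens[i + 1])  # raises ValueError if malformed
        return i + 2, None
    if i + 1 >= len(tokens):
        raise ValueError(f"{tokens[i]} needs a netmask")
    ip = ipaddress.IPv4Address(tokens[i])
    mask = ipaddress.IPv4Address(tokens[i + 1])
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    note = None
    if net.network_address != ip:  # host bits set under the mask
        note = f"{ip} {mask} matches all of {net}, not a single host"
    return i + 2, note

def lint(line):
    """Return a list of 'error: ...' / 'warning: ...' findings for one ACL line."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        return ["error: expected 'access-list <id> permit|deny <protocol> ...'"]
    i, findings = 4, []  # t[3] is the protocol; addresses start at t[4]
    try:
        for side in ("source", "destination"):
            i, note = take_addr(t, i)
            if note:
                findings.append(f"warning: {side} {note}")
            if i < len(t) and t[i] in PORT_OPS:  # optional port operator
                i += 1 + PORT_OPS[t[i]]
    except ValueError as exc:
        return [f"error: {exc}"]
    if i > len(t):
        return ["error: port operator is missing its port"]
    if i < len(t):
        return [f"error: unexpected trailing tokens: {' '.join(t[i:])}"]
    return findings

# The two lines from the post, plus a constructed host-form line for comparison.
ACL_OUT = "access-list acl_out permit ip any host 65.77.78.47 255.255.255.255 any"
ACL_DMZ = "access-list acl_dmz permit tcp 172.18.0.1 255.255.0.0 172.17.0.2 255.255.0.0 eq 25"
HOST_FORM = "access-list acl_dmz permit tcp host 172.18.0.2 host 172.17.0.2 eq 25"

if __name__ == "__main__":
    for acl in (ACL_OUT, ACL_DMZ, HOST_FORM):
        print(acl, "->", lint(acl) or "ok")
```

The acl_out line fails because `host` already implies a single address, so the mask and the extra `any` after it are surplus tokens. The acl_dmz line fits the grammar, but with a 255.255.0.0 mask it describes the whole 172.18.0.0/16 and 172.17.0.0/16 networks rather than the two servers.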