FirewallWizards

[fw-wiz] Firewall help

To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] Firewall help
From: "Paul Madore" <dexteroc@hotmail.com>
Date: Tue, 09 Jan 2007 08:36:10 -0800
Thanks for your help, guys.  I was able to get it working with the
access-list entries and a nat entry.  This allows IP connections and no DNS,
which Chris had said wouldn't work until that was configured also.  I don't
think I will need that as of right now but I may look into it just to see
how to get it working.  Thanks for everyone's input!

Paul


>   Re: DMZ traffic out to internet with PIX 515 (Chris Wargaski)

>Message: 1
>Date: Sat, 6 Jan 2007 14:20:43 -0600
>From: "Chris Wargaski" <cwargaski@rmstsi.com>
>Subject: Re: [fw-wiz] DMZ traffic out to internet with PIX 515
>
>You'll need to allow DNS queries outbound from the DMZ, too.
>
>cjw
>
>Christopher J. Wargaski
>RMS Technology Solutions, Inc.
>cwargaski@rmstsi.com
>(847) 215-1661 x223
>
>
>
>-----Original Message-----
>From: firewall-wizards-bounces@listserv.icsalabs.com on behalf of Victor 
>Williams
>Sent: Fri 1/5/2007 6:27 PM
>To: Firewall Wizards Security Mailing List
>Subject: Re: [fw-wiz] DMZ traffic out to internet with PIX 515
>
>You've got no access list entries allowing hosts in the DMZ1 segment
>access out to the internet.  Also, checking the log buffer on the PIX
>will usually give you the culprit of what's causing your access issue if
>you have it set up to do so...set the log to warning or higher and it
>will show you what the culprit is.
>
>What I believe you need is (at least for traffic to http and https
>websites):
>
>access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 80
>access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 443
>nat (DMZ1) 1 10.0.0.0 255.255.255.0


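Added example, not part of the original thread or anyone's posted configuration: a small Python model of first-match ACL evaluation with an implicit deny, run over the two access-list lines quoted above, to show why web traffic from the DMZ passes while DNS lookups do not. The UDP port 53 entry and the DMZ host 10.0.0.25 are constructed assumptions; NAT and interface binding are not modelled.

```python
import ipaddress

# ACL lines as posted in the thread (PIX "access-list" syntax).
THREAD_ACL = """\
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 80
access-list dmz_out permit tcp 10.0.0.0 255.255.255.0 any eq 443
"""
# Constructed entry for the DNS point raised in the thread (UDP 53 assumed).
DNS_ENTRY = "access-list dmz_out permit udp 10.0.0.0 255.255.255.0 any eq 53\n"


def parse_acl(text):
    """Parse the subset used here: <action> <proto> <net> <mask> any eq <port>."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 9 or tok[0] != "access-list" or tok[6:8] != ["any", "eq"]:
            continue  # outside the subset this sketch understands
        src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}")
        rules.append((tok[2], tok[3], src, int(tok[8])))
    return rules


def evaluate(rules, proto, src_ip, dst_port):
    """First match wins; anything unmatched hits the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for action, r_proto, r_src, r_port in rules:
        if r_proto == proto and src in r_src and r_port == dst_port:
            return action
    return "deny (implicit)"


# Constructed flows from a hypothetical DMZ host at 10.0.0.25.
FLOWS = [("tcp", "10.0.0.25", 80), ("tcp", "10.0.0.25", 443), ("udp", "10.0.0.25", 53)]


def verdicts(acl_text):
    """Return the verdict for each constructed flow under the given ACL text."""
    rules = parse_acl(acl_text)
    return [evaluate(rules, *flow) for flow in FLOWS]


if __name__ == "__main__":
    for label, acl in (("as posted", THREAD_ACL), ("with DNS entry", THREAD_ACL + DNS_ENTRY)):
        print(label, verdicts(acl))
```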