Table of Contents
Advertisement
11 Issue the command 'nameif ethernet2 dmz security4' (or whatever interface you are using)
12 Issue the command 'ip address dmz 192.168.200.2 255.255.255.0'
13 Issue the command 'nat (dmz) 1 192.168.200.0 255.255.255.0 0 0'
14 Issue the command 'access-list sslvpn permit tcp any host x.x.x.x eq www' (replace x.x.x.x with the
WAN IP address of your PIX)
15 Issue the command 'access-list sslvpn permit tcp any host x.x.x.x eq https' (replace x.x.x.x with the
WAN IP address of your PIX)
16 Issue the command 'access-list dmz-to-inside permit ip 192.168.200.0 255.255.255.0
192.168.100.0 255.255.255.0'
17 Issue the command 'access-list dmz-to-inside permit ip host 192.168.200.1 any'
18 Issue the command 'static (dmz,outside) tcp x.x.x.x www 192.168.200.1 www netmask
255.255.255.255 0 0' (replace x.x.x.x with the WAN IP address of your PIX)
19 Issue the command 'static (dmz,outside) tcp x.x.x.x https 192.168.200.1 https netmask
255.255.255.255 0 0' (replace x.x.x.x with the WAN IP address of your PIX)
20 Issue the command 'static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0 0
0'
21 Issue the command 'access-group sslvpn in interface outside'
22 Issue the command 'access-group dmz-to-inside in interface dmz'
23 Exit config mode and issue the command 'wr mem' to save and activate the changes.
24 From an external system, attempt to connect to the SMA/SRA appliance using both HTTP and HTTPS. If
you cannot access the SMA/SRA appliance, check all previous steps and test again.
Final Config Sample – Relevant Programming in Bold:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security4
enable password SqjOo0II7Q4T90ap encrypted
passwd SqjOo0II7Q4T90ap encrypted
hostname tenaya
domain-name vpntestlab.com
clock timezone PDT -8
clock summer-time PDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list sslvpn permit tcp any host 64.41.140.167 eq www
access-list sslvpn permit tcp any host 64.41.140.167 eq https
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
442
Advertisement
Chapters
Table of Contents
Troubleshooting
