Define static(s) to translate inside host address(es) to DMZ address(es) like so:

static (inside,DMZ) 192.168.10.222 10.2.5.222 netmask 255.255.255.255 0 0
static (inside,DMZ) 192.168.10.230 10.2.5.230 netmask 255.255.255.255 0 0

Configure an access list to permit traffic to the translated inside address(es) like so:

access-list acl_dmz permit tcp host 192.168.10.15 host 192.168.10.230 eq 143
access-list acl_dmz permit tcp host 192.168.10.15 host 192.168.10.230 eq pop3

Apply your access-list:

access-group acl_dmz in interface DMZ

Vijay Ramcharan

-----Original Message-----
From: Curious [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 11:26 AM
To: [EMAIL PROTECTED]
Subject: PIX Firewall --- DMZ to Inside Access [7:69877]

Fellows -

I have a scenario here. I have a PIX firewall with 3 interfaces: Inside, Outside and DMZ. Machines on the Inside interface can access servers in the DMZ zone, no problem. I have to facilitate limited access from DMZ zone servers to a host on the Inside interface.

Let's take an example: I have a server in the DMZ zone, 10.1.1.1, and I need to allow TCP port 7000 from this server to a host in the Inside zone whose IP address is 192.168.20.10.

I have a raw configuration in my mind; since I don't have a PIX with 3 interfaces in my lab, I cannot test it. I know I have to put an Access List / NAT to do this.

Any config welcome.

thanks
--
Curious
MCSE, CCNP

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=69885&t=69877
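
The three steps from the reply, applied to the addresses in the question (10.1.1.1 in the DMZ, 192.168.20.10 on the inside, TCP 7000). This is an added example and is not part of either message. It assumes the interface names are inside and DMZ, reuses the ACL name acl_dmz from the reply, and assumes an identity static so the inside host keeps its own address when seen from the DMZ.

```text
: Constructed example in PIX 6.x syntax; lines starting with ":" are comments.
: Addresses are the ones given in the question.
: Assumed interface names (nameif): inside, DMZ. ACL name reused from the reply.
:
: 1. Make the inside host reachable from the DMZ. Identity static (assumption):
:    the host appears on the DMZ side under its real address 192.168.20.10.
static (inside,DMZ) 192.168.20.10 192.168.20.10 netmask 255.255.255.255 0 0
:
: 2. Permit only the one required flow: DMZ server 10.1.1.1 to TCP port 7000.
access-list acl_dmz permit tcp host 10.1.1.1 host 192.168.20.10 eq 7000
:
: 3. Bind the ACL inbound on the DMZ interface. Everything else entering the
:    PIX from the DMZ now hits the implicit deny at the end of acl_dmz.
access-group acl_dmz in interface DMZ
```

Because the ACL applies to all traffic entering the DMZ interface, any DMZ-to-outside traffic the servers need must also be permitted in acl_dmz. `show access-list acl_dmz` displays hit counts for checking that the rule matches.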