It looks to me that you conduit is wrong. Your line is "conduit permit tcp host 128.200.111.100 eq 135 host 128.200.111.150 eq 135" In plain english what this says is, "Let any traffic originating from 128.200.111.100 on TCP port 135 go to server 128.200.111.150, to TCP port 135." The key to the reason that it is not working is the first "eq 135". Personally, I have not found a way to specify what the originating port is at the server. Usually the source port is a randomly generated port number, and the important one is the destination port. The line should read, "conduit permit tcp host 128.200.111.100 host 128.200.111.150 eq 135" K ----- Kristopher B. Climie, CCNP, CCPD <[EMAIL PROTECTED]> wrote in message D528DF24AEBCD311A17700508B92CBBF101F47@NEWMAN">news:D528DF24AEBCD311A17700508B92CBBF101F47@NEWMAN... > Hi, > > You need to add a static statement to the internal server but something > that goes like that: > Static (inside,outside/dmz-I didn't really understood from you mail where it > is located) 10.10.1.150 10.10.1.150. > The conduit you already have. > The static statement that I wrote actually say that IP address can be reach > but the appropriate conduit. > This is the way I usually do it. > > > GIL > CCNA,CCDA > > -----Original Message----- > From: SH Wesson [mailto:[EMAIL PROTECTED]] > Sent: ??? ??? 11 ?????? 2000 13:14 > To: [EMAIL PROTECTED] > Subject: pix > > > I am using a Cisco PIX 520 with an inside interface and an outside > interface. I have > the following scenario: > > Internal server has an address of 10.10.1.150, the external server has an ip > > address > of 128.200.111.100. The external server is in the dmz zone. The internal > server has > been assigned a global address 0f 128.200.111.150 that maps to the inside > server > of ip address 10.10.1.150. I want the external server of 128.200.111.100 to > > be able to > communicate with the inside server only through port 135. > > I assigned a static ip address to the inside host with the following > command: > > static (inside,outside) 128.200.111.150 10.10.1.150 netmask 255.255.255.255 > 0 0 > > > I assigned the permission for the external server to be able to access the > inside > server only via port 135 using the following command. > > conduit permit tcp host 128.200.111.100 eq 135 host 128.200.111.150 eq 135 > > > Is this the right way of doing it? If I'm doing it wrong, can someone show > me how to do this. > > Thanks. > _________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > Share information about yourself, create your own public profile at > http://profiles.msn.com. > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > http://www.groupstudy.com/list/Associates.html > _________________________________ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > This email was scanned using ESPG @ PubliCom Haifa. > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > http://www.groupstudy.com/list/Associates.html > _________________________________ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _________________________________ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]