Can't see anything wrong. Have you done a 'clear xlate', and if necessary a reboot? Otherwise can't see anything, as long as IP config is OK on devices on DMZ.
Gaz

"cage" wrote in message news:[EMAIL PROTECTED]...
> The following is my configuration of pix 525, now the nodes in the dmz can not
> connect to the outside, why?
> and do I have to use the NAT command to the traffic from the dmz to the
> outside. It seems that the pix can't route the dmz traffic to the outside.
> help me! please!
>
> sh conf
> : Saved
> :
> PIX Version 6.0(1)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 dmz security50
> nameif ethernet3 intf3 security15
> nameif ethernet4 intf4 security20
> enable password 8Ry2YjIyt7RRXU24 encrypted
> passwd 2KFQnbNIdI.2KYOU encrypted
> hostname pixfirewall
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> fixup protocol skinny 2000
> names
> access-list acl_in permit tcp any host 202.99.33.69 eq smtp
> access-list acl_in permit tcp any host 202.99.33.72 eq www
> access-list acl_in permit tcp any host 202.99.33.66 eq domain
> access-list acl_in permit tcp any host 202.99.33.67 eq domain
> access-list acl_in permit icmp any any
> access-list ping_acl permit icmp any any
> pager lines 30
> interface ethernet0 auto
> interface ethernet1 auto
> interface ethernet2 auto
>
> interface ethernet3 auto shutdown
> interface ethernet4 auto shutdown
> mtu outside 1500
> mtu inside 1500
> mtu dmz 1500
> mtu intf3 1500
> mtu intf4 1500
> ip address outside 210.82.34.29 255.255.255.0
> ip address inside 192.168.4.1 255.255.255.0
> ip address dmz 202.99.33.254 255.255.255.0
> ip address intf3 127.0.0.1 255.255.255.255
> ip address intf4 127.0.0.1 255.255.255.255
> ip audit info action alarm
> ip audit attack action alarm
> no failover
> failover timeout 0:00:00
> failover poll 15
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> failover ip address dmz 0.0.0.0
> failover ip address intf3 0.0.0.0
> failover ip address intf4 0.0.0.0
> pdm history enable
> arp timeout 14400
> global (dmz) 1 202.99.33.73 netmask 255.255.255.0
> nat (inside) 1 0 0
> nat (dmz) 0 202.99.33.0 255.255.255.0 0 0
> static (dmz,outside) 202.99.33.69 202.99.33.69 netmask 255.255.255.255 0 0
> static (dmz,outside) 202.99.33.72 202.99.33.72 netmask 255.255.255.255 0 0
> static (dmz,outside) 202.99.33.66 202.99.33.66 netmask 255.255.255.255 0 0
>
> static (dmz,outside) 202.99.33.67 202.99.33.67 netmask 255.255.255.255 0 0
> access-group acl_in in interface outside
> access-group ping_acl in interface dmz
> route outside 0.0.0.0 0.0.0.0 210.82.34.25 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323
> 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> no sysopt route dnat
> telnet timeout 5
> ssh timeout 5
> terminal width 80
> Cryptochecksum:3be86ece2c90058e0c9190f986717d63
>
> pixfirewall#

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33258&t=33184