HI here are some of the tips: - From Higher ASA to Lower ASA --> You need NAT and Global - From Lower ASA to Higher ASA --> You need Conduit/Access-List and Static
Best Regards, HATO >From: "mike greenberg" >Reply-To: "mike greenberg" >To: [EMAIL PROTECTED] >Subject: Re: With PIX unable to reach DMZ from LAN [7:55608] >Date: Tue, 15 Oct 2002 10:26:14 GMT > >This is a simple solution. Do this: >static (inside,perimeter) 192.168.11.0 192.168.11.0 netmask 255.255.255.0 >This will make the pix acts like a router with traffic from 192.168.11.0 to >communicate with 192.168.23.0; however, you have to make access-list to >allow >network 192.168.23.0 to talk back to 192.168.11.0 because perimeter has >lower >security level than the inside interface. > > Guruprasad Sanjeevi wrote:Hi group, > >I am trying to configure PIX .It has 3 Ethernet Interface and three >networks are used. > >LAN (inside) : 192.168.11.0 >DMZ (perimeter)) : 192.168.23.0 >Outside:66.x.x.x > >Problem : users from Inside and Perimeter network are able to browse, but >the inside and Perimeter network cannot talk to each other. I have given >the >static command like this > >Static(inside, perimeter) 192.168.23.0 192.168.11.0 0 0 > >What other command is required on the PIX to enable communication from >INSIDE network to DMZ(perimeter) and vice-versa. > >Please help.... > >Thanks >Guruprasad > >[GroupStudy.com removed an attachment of type application/ms-tnef which had >a name of winmail.dat] >Do you Yahoo!? >Faith Hill - Exclusive Performances, Videos, & more >faith.yahoo.com _________________________________________________________________ Get a speedy connection with MSN Broadband. Join now! http://resourcecenter.msn.com/access/plans/freeactivation.asp Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55659&t=55608 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
