Ramesh,

As to routing, the PIX will forward packets from one interface to another, but you have to do certain things to accomplish this: From higher security level to lower, you need nat and global commands; from lower to higher, you need static and access-list commands.

For external people accessing the DMZ, you also need a static command, and I assume that you have applied the ACL to the PIX's outside interface. As to the inside interface accessing the DMZ, you'll need to set up a nat and global command set (or use nat 0 to disable NAT between the two networks).

"ramesh c" wrote in message news:[EMAIL PROTECTED]...
> 1) I got traffic flowing from outside to dmz. I got a mail server sitting on
> the dmz.
>
> access-list acl_outside permit tcp any host mail eq smtp
>
> Do I need to the following? or just the access-list will do?
> static (dmz,outside) mail mail netmask 255.255.255.255 0
>
> 2) Can inside access DMZ without nat commands? Meaning can pix act as a
> router?

--
Richard A. Deal
Visit my home page at http://home.cfl.rr.com/dealgroup/
Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram
Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57707&t=57686
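
The rule in the reply above (nat and global from higher to lower security level, static and access-list from lower to higher), as an added example that is not part of the original post: a simplified Python check run over a constructed PIX-style configuration. The interface names, addresses and the `parse` and `missing_commands` helpers are assumptions for illustration; the check only looks for the presence of the required commands, not whether their addresses match.

```python
# Constructed sample configuration; names and addresses are illustrative only.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
name 192.168.1.10 mail
access-list acl_outside permit tcp any host mail eq smtp
access-group acl_outside in interface outside
static (dmz,outside) mail mail netmask 255.255.255.255 0 0
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
"""

def parse(config):
    """Collect the statements the rule depends on, keyed by interface name."""
    cfg = {"level": {}, "static": set(), "acl_in": set(), "nat": {}, "global": {}}
    for words in (line.split() for line in config.splitlines()):
        if len(words) < 3:
            continue
        kind, arg = words[0], words[1].strip("()")
        if kind == "nameif" and len(words) >= 4:    # nameif <hw> <name> securityN
            cfg["level"][words[2]] = int(words[3].replace("security", ""))
        elif kind == "static":                      # static (real_if,mapped_if) ...
            cfg["static"].add(tuple(arg.split(",")))
        elif kind == "access-group" and words[2:4] == ["in", "interface"] and len(words) > 4:
            cfg["acl_in"].add(words[4])             # ACL bound inbound on this interface
        elif kind in ("nat", "global"):             # nat/global (<if>) <id> ...
            cfg[kind].setdefault(arg, set()).add(words[2])
    return cfg

def missing_commands(config, src, dst):
    """Commands still needed before hosts on src can open connections to dst."""
    cfg = parse(config)
    need = []
    if cfg["level"][src] > cfg["level"][dst]:       # higher -> lower: nat + global
        ids = cfg["nat"].get(src, set())
        if not ids:
            need.append("nat")
        # nat 0 disables translation, so no matching global is required
        if "0" not in ids and not ids & cfg["global"].get(dst, set()):
            need.append("global")
    else:                                           # lower -> higher: static + ACL
        if (dst, src) not in cfg["static"]:
            need.append("static")
        if src not in cfg["acl_in"]:
            need.append("access-list")
    return need
```

On the sample, outside to dmz is complete, while inside to dmz still lacks a `global (dmz)` statement matching NAT id 1 (or a `nat 0` entry).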