Sam, Do you have any sort of statement that's translating the addresses in your DMZ? For example,
static (DMZ,outside) 141.152.135.23 141.152.135.23 netmask 255.255.255.255 If you aren't nat'ing I believe you still have to translate the address. HTH, Kris. -----Original Message----- From: Sam Sneed [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 14, 2003 2:08 PM To: [EMAIL PROTECTED] Subject: PIX access-list problem [7:61043] I cannot seem to get the following config to work and am clueless why. My incoming access lists for DMZ and outside are wide open. The goal is not to NAT DMZ ever since its public addressing. I can't even ping hosts on the outside network from PIX. Why am I having these problems? nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50 access-list internal permit ip 172.19.90.0 255.255.255.0 any access-list test permit ip any any access-list test permit icmp any any access-list int-dmz permit ip 172.19.90.0 255.255.255.0 83.23.43.0 255.255.255.0 ip address outside 83.23.44.60 255.255.255.192 ip address inside 172.19.90.1 255.255.255.0 ip address dmz 83.23.43.250 255.255.255.0 global (outside) 1 83.23.44.58 nat (inside) 0 access-list int-dmz nat (inside) 1 172.19.90.0 255.255.255.0 0 0 nat (dmz) 0 0.0.0.0 0.0.0.0 0 0 access-group test in interface outside access-group test in interface dmz route outside 0.0.0.0 0.0.0.0 83.23.44.1 1 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by email, delete and destroy this message and its attachments. ********************************************************************** Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61051&t=61043 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
