This type of NAT is required for incoming connections. I can't get access going out so I haven't even looked at that yet. Even worse is from 83.23.44.60 (outside interface of PIX) I can't ping 83.23.44.50 which is outside of the PIX. If you look at my access-list, this should not be a problem. I am stumped on this.

"Waters, Kristina" wrote in message news:[EMAIL PROTECTED]...
> Sam,
>
> Do you have any sort of statement that's translating the addresses in your
> DMZ? For example,
>
> static (DMZ,outside) 141.152.135.23 141.152.135.23 netmask 255.255.255.255
>
> If you aren't nat'ing I believe you still have to translate the address.
>
> HTH,
> Kris.
>
> -----Original Message-----
> From: Sam Sneed [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 14, 2003 2:08 PM
> To: [EMAIL PROTECTED]
> Subject: PIX access-list problem [7:61043]
>
>
> I cannot seem to get the following config to work and am clueless why. My
> incoming access lists for DMZ and outside are wide open. The goal is not to
> NAT DMZ ever, since it's public addressing. I can't even ping hosts on the
> outside network from PIX. Why am I having these problems?
>
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 dmz security50
>
> access-list internal permit ip 172.19.90.0 255.255.255.0 any
>
> access-list test permit ip any any
> access-list test permit icmp any any
>
> access-list int-dmz permit ip 172.19.90.0 255.255.255.0 83.23.43.0 255.255.255.0
>
> ip address outside 83.23.44.60 255.255.255.192
> ip address inside 172.19.90.1 255.255.255.0
> ip address dmz 83.23.43.250 255.255.255.0
>
> global (outside) 1 83.23.44.58
> nat (inside) 0 access-list int-dmz
> nat (inside) 1 172.19.90.0 255.255.255.0 0 0
> nat (dmz) 0 0.0.0.0 0.0.0.0 0 0
> access-group test in interface outside
> access-group test in interface dmz
> route outside 0.0.0.0 0.0.0.0 83.23.44.1 1
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61054&t=61043