>> Hmmm.... Maybe the
>>PIX can't have conduits mapped to subnets other than the one the
>>interface is directly connected to?
This is most assuredly possible, although opening holes to the internal
network must always be evaluated on the basis of Business need Vs. Security
risk, for your envirnment. Assuming your route statements are correct and
the Pix can reach the internal host Static Statements may map to hosts on
Subnets several hops inside the firerwall itself. This was verified on a Pix
520, Unrestricted license, Version 5.1(2). Basically if you can ping it from
the Pix, you can map to it using a static/conduit set of statements.
Ken Claussen MCSE CCNA CCA
[EMAIL PROTECTED]
"The Mind is a Terrible thing to Waste!"
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
