You need to have a static entry
static (inside, dmz) 1.3.0.0 1.3.0.0 netmask 255.255.0.0
Rich Pitcock
-----Original Message-----
From: Neil Hunt [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 26, 2001 3:31 AM
To: [EMAIL PROTECTED]
Subject: PIX 515 with nat (inside) and no-nat (dmz)
G'day,
I'm having a little issue with my new PIX. I want to set it up with the
internal addresses nat'd (1.3.0.0/255.255.0.0) and the dmz addresses
not nat'd (x.x.x.0/255.255.255.224). The external interface is
x.x.x.34/255.255.255.224, and the default route it x.x.x.33/255.255.255.224.
From the internal and dmz I can ping the external, and the external can
get at the dmz, but the internal network cannot see the dmz. At present
the only access-list in there is permitting icmp through all interfaces.
I have set: -
nat (inside) 1 0 0
and tried various combinations of: -
static (dmz,outside) x.x.x.0 x.x.x.0 netmask 255.255.255.224
I can't seem to find any examples of this sort of configuration
anywhere, and am starting to wonder if it is actually possible (gee I
hope so.. :)
TIA
Neil
--
Neil Hunt
Systems Engineer
Solnet Pty Ltd
Never trust a man, who, when left in a room with a tea cozy, doesn't try it
on - Billy Connelly
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
