Just set a static command for your inside addresses Say your inside network is 10.1.1.0/24 and your dmz is named dmz, the static would be:
Static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 There are a couple of Cisco pages to explain further: http://www.cisco.com/warp/public/110/mailserver.html http://www.cisco.com/warp/public/110/mailserver_dmz.html Glenn -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of kk downing Sent: Tuesday, March 26, 2002 7:53 PM To: [EMAIL PROTECTED] Subject: PIX DMZ access with NAT internal hosts Hello, I have host are an internal network wich are being NATd to a global legal IP address. I also have a mail server on the DMZ which is also being NATd to a global IP address. When I try to connect from a host on the internal network to the mail server I see the the PIX build the translation to the public IP address and the connecton fails. What is the proper procedure to let the internal hosts access to the mail server on the DMZ? I would think that the internal hosts which come from a higher security interface would be allowed to access the mailhost on the dmz which of course is a lower security interface. Is there a way to not NAT my internal hosts for access to the mailhost? Thanks in advance __________________________________________________ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy AwardsR http://movies.yahoo.com/ _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
