Hello, I have the following line in my config in order that the internal hosts(10.0.0.0 net) do not get NAT'd when trying to access hosts on our DMZ segment:
static (inside, DMZ) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 0 0 Now if I try to ssh from hostA(10.0.0.2) to hostB(10.0.0.3) I will get the following error logged on the PIX: 106001: Inbound TCP connection denied from 10.0.0.2/1740 to 10.0.0.3/22 flags SY N on interface DMZ For some reason the pix is assuming this operation involves the DMZ somehow.Now if I remove the statement: static (inside,DMZ) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 0 0 I can ssh from hostA to hostB without a problem, however I will now not be able access hosts in my DMZ. Does anyone have any idea why this might be occuring? Thanks __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Mother's Day is May 12th! http://shopping.yahoo.com _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
