Pix questions [7:57686]

2002-11-19 Thread ramesh c
1) I got traffic flowing from outside to dmz. I got a mail server sitting on
the dmz.

access-list acl_outside permit tcp any host mail eq smtp

Do I need to do the following, or will just the access-list do?
static (dmz,outside) mail mail netmask 255.255.255.255 0

2) Can inside access DMZ without nat commands? Meaning, can pix act as a
router?










Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57686t=57686
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Pix questions [7:57686]

2002-11-19 Thread Richard Deal
Ramesh,

As to routing, the PIX will forward packets from one interface to another,
but you have to do certain things to accomplish this:
From higher security level to lower, you need nat and global commands; from
lower to higher, you need static and access-list commands.

For external people accessing the DMZ, you also need a static command, and I
assume that you have applied the ACL to the PIX's outside interface.

As to the inside interface accessing the DMZ, you'll need to set up a nat
and global command set (or use nat 0 to disable NAT between the two
networks).

ramesh c wrote in message news:[EMAIL PROTECTED]...
> 1) I got traffic flowing from outside to dmz. I got a mail server sitting on
> the dmz.
>
> access-list acl_outside permit tcp any host mail eq smtp
>
> Do I need to do the following, or will just the access-list do?
> static (dmz,outside) mail mail netmask 255.255.255.255 0
>
> 2) Can inside access DMZ without nat commands? Meaning, can pix act as a
> router?


--

Richard A. Deal

Visit my home page at http://home.cfl.rr.com/dealgroup/

Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access
Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration
Exam Cram

Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco
exams on the market.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=57707t=57686
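
The rule in the reply above (higher to lower security level needs nat and global, or nat 0; lower to higher needs static plus an access-list applied to the interface) can be checked mechanically against a saved configuration. The following is an added example, not part of the thread and not Cisco code: the function names, the nameif lines and the security levels 0/100/50 are assumptions, and the matching is a simplified reading of PIX-style command lines.

```python
import re

# Constructed sample: the access-list is the one from the question; the nameif
# lines and security levels (0/100/50) are assumed for illustration.
QUESTION_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
access-list acl_outside permit tcp any host mail eq smtp
"""

def _find(lines, pattern):
    """Collect group 1 of every line that matches pattern from its start."""
    return {m[1] for l in lines if (m := re.match(pattern, l))}

def missing_for_flow(config, src, dst):
    """List the command types still needed for traffic from src to dst."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    level = {m[1]: int(m[2]) for l in lines
             if (m := re.match(r"nameif \S+ (\S+) security(\d+)$", l))}
    s, d = re.escape(src), re.escape(dst)
    missing = []
    if level[src] > level[dst]:
        # Higher -> lower: nat on the source interface plus a global with the
        # same id on the destination interface; nat id 0 disables NAT instead.
        nat_ids = _find(lines, rf"nat \({s}\) (\d+)\s")
        if "0" not in nat_ids:
            if not nat_ids:
                missing.append(f"nat ({src})")
            if not nat_ids & _find(lines, rf"global \({d}\) (\d+)\s"):
                missing.append(f"global ({dst})")
    elif level[src] < level[dst]:
        # Lower -> higher: a static for the server, plus an access-list that
        # is actually applied inbound on the lower-security interface.
        if not _find(lines, rf"(static) \({d},{s}\)\s"):
            missing.append(f"static ({dst},{src})")
        permits = _find(lines, r"access-list (\S+) permit\s")
        applied = _find(lines, rf"access-group (\S+) in interface {s}$")
        if not permits:
            missing.append("access-list")
        elif not permits & applied:
            missing.append(f"access-group in interface {src}")
    else:
        raise ValueError("equal security levels are outside the quoted rule")
    return missing

if __name__ == "__main__":
    print(missing_for_flow(QUESTION_CONFIG, "outside", "dmz"))
    print(missing_for_flow(QUESTION_CONFIG, "inside", "dmz"))
```

Run against the configuration from the question, it reports that outside-to-dmz still lacks the static and an applied access-group, and that inside-to-dmz lacks nat and global.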