gotta put static or nat translation statements for ANY traffic. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of ramesh c Sent: Friday, November 22, 2002 1:48 AM To: [EMAIL PROTECTED] Subject: Pix question [7:57869]
Configuration nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 dmz security50 interface ethernet0 10baset interface ethernet1 10baset interface ethernet0 100basetx ip address outside 209.165.201.2 255.255.255.248 ip address inside 192.168.7.0 255.255.255.0 ip address dmz 172.16.1.0 255.255.255.0 hostname pixfirewall arp timeout 14400 no failover names pager lines 24 logging buffered debugging access-list acl_out permit tcp any host 209.165.201.19 access-group acl_out in interface outside route outside 0.0.0.0 0.0.0.0 209.165.201.1 1 access-list ping_acl permit icmp any any access-group ping_acl in interface inside access-group ping_acl in interface dmz access-list acl_out permit icmp any any timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 My question is ,can my systems from inside initiate connection to dmz with the above configuration?.meaning can the Pix act as a router?Since i read inside can initiate connection to dmz or outside by default _____________________________________________________________ Get 25MB, POP3, Spam Filtering with LYCOS MAIL PLUS for $19.95/year. http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=57871&t=57869 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]