If dmz1 has a higher security value then dmz2 then your static line is correct. ... but doesn't that then break the conduit statement? Maybe it should be: conduit permit ip host 172.16.1.10 10.1.1.0 255.255.255.0
> -----Original Message----- > From: Karagozian Sarkis [mailto:[EMAIL PROTECTED]] > Sent: Friday, June 07, 2002 11:39 AM > To: [EMAIL PROTECTED] > Subject: RE: PIX Static and Conduit [7:46000] > > > Hi Daniel, > > Thanks for clarifying that Static is (High,low) low high .... > > the only thing is that, dmz2 is shown to be on the outside > (1st tier netwk), dmz2 (2nd tier netwk) or private network, > where 10.1.1.0 > network is. > > If this is the case then, should it be written as: > > static (dmz1,dmaz2) 172.161.10 10.1.1.1 netmask 255.255.255.255 > conduit permit tcp host 10.1.1.1 10.1.1.0 255.255.0 > > which now makes sense to me. > Static (high nameif,low nameif) lowIP HighIP ... > > Thanks again for your excellent expalnation. > Brgds. > > Sarkis Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46041&t=46000 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
