Neil,
Since you'll be NAT'ing from the INSIDE to DMZ, you'll need to set up a
Global statement for the DMZ as you did for the outside. As an example:

    nat (inside) 1 0 0
    global (outside) 1 x.x.x.x netmask 255.255.255.x
    global (dmz) 1 x.x.x.x netmask 255.255.255.x

You'll need to provide a global address that's part of the DMZ subnet, or
use the INTERFACE command to PAT from INSIDE to DMZ using the IP address of
the DMZ interface:

    global (dmz) 1 interface

Regards,
Shawn
> G'day,
> I'm having a little issue with my new PIX. I want to set it up with the
> internal addresses nat'd (1.3.0.0/255.255.0.0) and the dmz addresses
> not nat'd (x.x.x.0/255.255.255.224). The external interface is
> x.x.x.34/255.255.255.224, and the default route is
> x.x.x.33/255.255.255.224.
> From the internal and dmz I can ping the external, and the external can
> get at the dmz, but the internal network cannot see the dmz. At present
> the only access-list in there is permitting icmp through all interfaces.
> I have set: -
> nat (inside) 1 0 0
> and tried various combinations of: -
> static (dmz,outside) x.x.x.0 x.x.x.0 netmask 255.255.255.224
>
> I can't seem to find any examples of this sort of configuration
> anywhere, and am starting to wonder if it is actually possible (gee I
> hope so.. :)
> TIA
> Neil
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
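
An added example, not part of the original thread: a small Python check for the gap described in the reply above, a nat id on one interface with no matching global on a lower-security interface. The nameif lines, the security levels and the 192.0.2.x addresses in the sample are constructed assumptions, since the thread does not show them.

```python
import re

# Constructed sample in PIX 6.x syntax; 192.0.2.0/27 is a documentation
# range standing in for the x.x.x.x addresses in the thread, and the
# security levels (0/50/100) are assumed, not taken from the thread.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nat (inside) 1 0 0
global (outside) 1 192.0.2.40 netmask 255.255.255.224
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)\s*$")
NAT = re.compile(r"^nat\s+\(([^)]+)\)\s+(\d+)\s")
GLOBAL = re.compile(r"^global\s+\(([^)]+)\)\s+(\d+)\s")


def missing_globals(config):
    """Return sorted (src_if, nat_id, dst_if) triples where dynamic NAT on
    src_if has no global pool on a lower-security interface dst_if."""
    levels, nats, pools = {}, set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := NAMEIF.match(line):
            levels[m.group(1)] = int(m.group(2))
        elif m := NAT.match(line):
            nats.add((m.group(1), int(m.group(2))))
        elif m := GLOBAL.match(line):
            pools.add((m.group(1), int(m.group(2))))
    gaps = []
    for src, nat_id in nats:
        # nat id 0 means "do not translate", so it needs no global pool
        if nat_id == 0 or src not in levels:
            continue
        for dst, level in levels.items():
            if level < levels[src] and (dst, nat_id) not in pools:
                gaps.append((src, nat_id, dst))
    return sorted(gaps)


if __name__ == "__main__":
    for src, nat_id, dst in missing_globals(SAMPLE_CONFIG):
        print(f"nat ({src}) {nat_id}: no 'global ({dst}) {nat_id} ...', "
              f"so {src} -> {dst} traffic has no translation")
```

Run against the sample, it reports the inside-to-dmz gap; adding a global (dmz) 1 line to the input clears it.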