Can anyone help me out on this:
I'm used to setting up PIXes for internet usage either with static NATs, dynamic NATs, or both, with a router between the networks.
What I want to do is segment 2 private networks with a 515E, but I can't seem to get my head around not NATing it and just routing between the 2, then controlling with an ACL.
example: 192.168.1.0/24 <-----> PIX <-----> 172.16.1.0/24
ip address outside 172.16.1.254 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0
route outside 192.168.1.0 255.255.255.0 172.16.1.254 1
route inside 172.16.1.0 255.255.255.0 192.168.1.254 1
access-list local_A_in permit tcp host 172.16.1.1 host 192.168.1.1 eq www
access-group local_A_in in interface outside
access-list local_B_in permit tcp host 192.168.1.2 host 172.16.1.2 eq https
access-group local_B_in in interface inside
Where am I going wrong?
If there is no router (and no internet gateway) and if the default route of the host PCs is the firewall, the firewall will route traffic between its connected subnets with no need to add any config.
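A minimal layout for the two-subnet setup above, added here as an illustration and not taken from either post. It assumes a PIX running 6.x software (hence the `nat 0 access-list` NAT-exemption form) and drops the two `route` statements, since both subnets are directly connected:

```cisco
! Both subnets are directly connected, so the PIX installs connected
! routes itself; no "route inside/outside" statements are needed.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 172.16.1.254 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0

! No translation between the two private networks: NAT exemption (PIX 6.x).
! On PIX 7.x the equivalent is simply "no nat-control".
access-list NONAT permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Traffic from outside (security 0) to inside (security 100) is denied
! until an ACL permits it; only the listed flow is allowed.
access-list local_A_in permit tcp host 172.16.1.1 host 192.168.1.1 eq www
access-group local_A_in in interface outside

! Binding an ACL to the inside interface replaces the default
! "higher-to-lower is permitted" behaviour, so list every flow you need.
access-list local_B_in permit tcp host 192.168.1.2 host 172.16.1.2 eq https
access-group local_B_in in interface inside
```

Hosts on each subnet still need the PIX interface address on their side as default gateway, as the answer above notes.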