Allow Inside Hosts Access to a DMZ without Translation

Unanswered Question
Jun 27th, 2007
User Badges:


Could you pls mail what exactly the below command will do ?

1) static (inside,dmz)

2) static (dmz,inside)

Pls mail me documentaion reference with multiple DMZ(1-4) configuration in PIX with translation and without address translation.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
srue Thu, 06/28/2007 - 08:43
User Badges:
  • Blue, 1500 points or more

you don't need 2), assuming is the host on the inside interface that needs access to the dmz.

You could also use nat zero to accomplish this:

nat (inside) 0 natzero_acl

access-list natzero_acl permit ip host host dmz_host_ip

gappavoo1 Thu, 06/28/2007 - 09:21
User Badges:


Thanks for your reply !

Pls clarify me, assuming a host in DMZ interface that needs to access inside the below commands is correct ?

static (dmz,inside)


acomiskey Thu, 06/28/2007 - 09:37
User Badges:
  • Green, 3000 points or more

No you would not need that.

For and to communicate between the inside and dmz, all you need is...

static (dmz,inside)


This Discussion