I've got strange trouble with a PIX 535 [6.3(5)]:
Preface: the ACLs are OK.
So, from inside to DMZ I've got a log like this:
%PIX-4-106023: Deny tcp src inside:10.xxx.xxx.xxx/46353 dst DMZ-fearehu:10.yyy.yyy.yyy/3389 by access-group "ACL-INSIDE"
But from outside to DMZ (same destination address):
%PIX-4-106023: Deny tcp src outside:10.zzz.zzz.zzz/46350 dst DMZ-fearehu:10.yyy.yyy.yyy/3389 by access-group "ACL-OUTSIDE"
The route to 10.yyy.yyy.yyy is directly connected, and the statics are:
static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0
static (inside,DMZ-fearehu) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0
static (DMZ-fearehu,outside) 10.yyy.yyy.yyy 10.yyy.yyy.yyy netmask 255.255.255.224 0 0
Do I have to add
static (outside,DMZ-fearehu) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0?
I've tried with a host NAT (IP from outside) and it doesn't work; it always routes to inside instead of to DMZ. I've also tried to add a host route, even though it is directly connected, but nothing.
Why do I see the wrong routing?
PS: I've tried to sniff the traffic; I can see the SYN entering on outside but not going out from either DMZ or inside.