I am running a pair of FWSM with version 3.2 code with multiple firewall contexts. I have one context set up as a DMZ (x.x.153.32/27)and another as an application vault (10.x.233.0.24). The DMZ has public address space and the App Vault has private. I try to get a citrix server in the DMZ to talk to a presentation server in the App Vault but never get traffic to flow. I have rules that permit IP between the two context IP ranges bi-directionally but still no traffic. Do I need to designate the vlans so that both context see the vlans in use by the otehr? I have a common vlan on the non-hostile interfaces (x.x.152.0/24) which share a common vlan to my network (VL 152). The hostile areas have different vlans of course which are designated on their hostile interfaces. I can ping from the firewall context to the individual IP addresses (x.x.153.34 and 10.x.233.34) but not from host to host. I have attached sanitized configurations for both instances.