I have a PIX 515E running 8.0.4.
It's configured with an outside2 interface with security level 4 (here I have an AIX server, 10.174.253.24/27), and a DMZ with security level 10 (here I have a Windows server with 192.168.102.13/24). The inside interface of the PIX has 10.174.102.86/24.
From the server in the outside2 net, I can ping the PIX outside2 interface. Nice!
But when pinging from the outside2 AIX server 10.174.253.24 to 192.168.102.13, it doesn't work. The PIX sends the reply packet out on the inside interface, instead of directly back out on the outside2 interface. Why?
The pix has a route that says:
route inside 10.174.0.0 255.255.0.0 10.174.0.1 1
This is in the same range as the outside2 interface, but shouldn't it use the directly connected instead of the routing information?
I think you can overcome this by creating a subnet-specific (/27) route for your AIX servers so that your packets don't go back to the inside interface.
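A small longest-prefix-match lookup, added here as an example (not code from the thread), showing why the /27 route suggested above changes the egress interface for replies to 10.174.253.24: with only the /16 static route the reply is sent toward inside, and the more specific /27 via outside2 wins once it is present. The route entries are constructed from the addresses in the question; the outside2 next hop is a placeholder since the thread does not give it.

```python
import ipaddress

# Route table modelled on the question: the existing /16 static route
# toward the inside interface, and the directly connected DMZ subnet.
# Each entry is (prefix, interface, next hop). Constructed sample data.
BASE_ROUTES = [
    ("10.174.0.0/16", "inside", "10.174.0.1"),
    ("192.168.102.0/24", "dmz", "connected"),
]

# The subnet-specific route the answer suggests for the AIX servers.
# The next hop is a placeholder: the thread does not state the outside2 gateway.
AIX_ROUTE = ("10.174.253.0/27", "outside2", "<outside2-gateway>")


def lookup(dst, routes):
    """Longest-prefix match: return the (network, interface, next hop)
    entry with the longest prefix that contains dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, next_hop)
    return best


def egress_interface(dst, routes):
    """Interface a reply to dst would leave on under the given routes."""
    hit = lookup(dst, routes)
    return hit[1] if hit else None


if __name__ == "__main__":
    aix = "10.174.253.24"
    print("without /27:", egress_interface(aix, BASE_ROUTES))  # inside
    print("with /27:", egress_interface(aix, BASE_ROUTES + [AIX_ROUTE]))  # outside2
```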