We have a PIX 515 with 6.2(2). Have an Outside, Inside, and DMZ interface. We need to block specific ip addresses from the outside but not to the DMZ. The DMZ has our web server, but we cannot allow the specific IP address to access the Interent. When I add a rule to deny the ip address on the inside to the outside, it also blocks access to the DMZ.
I also tried a RADIUS server, but this also required a userid to access the DMZ. I want full access to the DMZ from the inside, but authenticated to the outside.
Thanks for your help and consideration.