Allow all PIX traffic from DMZ to inside interface

How can I allow all traffic from two DMZ interfaces of my 525 PIX to the inside interface of the PIX and then back from the inside interface to each DMZ? I think I have all of the traffic from the inside to the DMZs working ok but I need to open all traffic from the other direction as well. The networks on each of these DMZs belong to separate unrelated companies. My company wants these networks separated because of problems stemming from this and that's why the DMZs. Unfortunately they still have to access the inside interface of the PIX. Can someone enlighten me on how to accomplish this or work around it if it's impossible? All help is appreciated, thanks.

Paul Stapleton

plastapleton@yahoo.com


Re: Allow all PIX traffic from DMZ to inside interface

Paul,

Allowing all devices on the DMZ networks to initiate communications with devices on the internal network makes the use of DMZ networks useless. The whole idea is that you place servers in a DMZ to protect your inside resources.

In case you decide to go ahead with it, you could use the following solution. Replace the IP address I use in this example with your real inside IP addresses (and mask).

static (inside,dmz1) 172.16.1.0 172.16.1.0 netmask 255.255.255.0

access-list dmz1 permit ip any any

access-list dmz1 permit icmp any any

access-group dmz1 in interface dmz1
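
An added example, not part of the reply above and not a Cisco tool: a small Python check that scans a PIX configuration for inbound ACLs that permit any-to-any traffic, and for entries that can never match because an earlier `ip any any` line already caught everything (PIX ACLs are evaluated first-match, and `ip` covers ICMP). The sample configuration is constructed from the reply's lines plus a hypothetical `dmz2` ACL; the host 172.16.1.10 and port 25 are assumptions.

```python
import re

# Constructed sample: the reply's lines plus a hypothetical, narrower ACL
# for a second DMZ (dmz2, host 172.16.1.10 and port 25 are assumptions).
SAMPLE_CONFIG = """\
static (inside,dmz1) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
access-list dmz1 permit ip any any
access-list dmz1 permit icmp any any
access-group dmz1 in interface dmz1
access-list dmz2 permit tcp any host 172.16.1.10 eq 25
access-group dmz2 in interface dmz2
"""

# "extended" is optional: PIX 7.x shows it, 6.x does not.
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?(permit|deny) (\S+) (.+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")


def audit_pix_acls(config_text):
    """Return (interface, config line, issue) for ACLs applied inbound."""
    aces, bindings = {}, {}
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())  # normalise whitespace
        ace = ACE_RE.match(line)
        group = GROUP_RE.match(line)
        if ace:
            name, action, proto, rest = ace.groups()
            aces.setdefault(name, []).append((line_no, action, proto, rest))
        elif group:
            bindings[group.group(1)] = group.group(2)

    findings = []
    for name, iface in bindings.items():  # ACLs not bound to an interface are skipped
        catch_all = None  # line number of the first "ip any any" entry
        for line_no, action, proto, rest in aces.get(name, []):
            if catch_all is not None:
                findings.append((iface, line_no, f"never matched, shadowed by line {catch_all}"))
            elif rest == "any any":
                if action == "permit":
                    findings.append((iface, line_no, f"permit {proto} any any"))
                if proto == "ip":
                    catch_all = line_no
    return findings


if __name__ == "__main__":
    for iface, line_no, issue in audit_pix_acls(SAMPLE_CONFIG):
        print(f"interface {iface}, config line {line_no}: {issue}")
```
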
