Cisco Support Community
New Member

basic pix 535 config-connectivity between inside and the dmz

Hi,

I have a PIX 535 running 6.2(2) with 8 interfaces. The IP at the inside is 172.20.10.0/24 and the one of the dmz-corporate is 172.20.30.0/24.

And the PIX interfaces in the respective networks have IP *.*.*.1.

I can ping from any host or device on these networks to the PIX interface. But when it comes to communicating from the inside network to, maybe, the dmz-corporate network, I cannot. I have access-lists with ip any any in both directions, and the show route output is:

dcm-p535-mnpr# sh route
outside 0.0.0.0 0.0.0.0 200.90.134.2 1 OTHER static
FailOver 172.10.9.0 255.255.255.252 172.10.9.1 1 CONNECT static
DMZ-Mon 172.16.15.0 255.255.255.0 172.16.15.1 1 CONNECT static
DMZ-Mon 172.16.16.0 255.255.255.0 172.16.15.5 1 OTHER static
inside 172.20.10.0 255.255.255.0 172.20.10.1 1 CONNECT static
inside NOC-Operators 255.255.255.0 172.20.10.2 1 OTHER static
DMZ-Signaling 172.20.19.0 255.255.255.0 172.20.20.2 1 OTHER static
DMZ-Signaling 172.20.20.0 255.255.255.0 172.20.20.1 1 CONNECT static
DMZ-Corporate 172.20.30.0 255.255.255.0 172.20.30.1 1 CONNECT static
DMZ-Collocation 200.90.128.0 255.255.255.0 200.90.128.1 1 CONNECT static
DMZ-TCI-Services 200.90.132.0 255.255.255.0 200.90.132.1 1 CONNECT static
outside 200.90.134.0 255.255.255.0 200.90.134.1 1 CONNECT static
idcm-p535-mnpr#

What might I be missing? Are the route commands not enough to communicate from one interface to the other? I am not using any routing between VLANs, or you can say different subnets, on different interfaces.

Appreciate any input. I am not posting the config as it might be big, but if needed I can send that too. Appreciate your time, and the sooner the better.

Thanks,

Habib

1 REPLY
Cisco Employee

Re: basic pix 535 config-connectivity between inside and the dmz

To enable connectivity from inside to dmz, you also need to have nat (inside) and global (dmz) commands configured.

http://www.cisco.com/warp/public/707/28.html#topic1

hope this helps,

~Nairi

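The nat/global pairing described in the reply above, as an added example that is not part of the original thread: a Python check that reads PIX 6.x configuration text and reports whether traffic initiated on one interface has a translation rule toward another. The configuration fragments are constructed from the interface names and subnets in the question; the global range 172.20.30.100-172.20.30.200 and the function name `translation_rule` are assumptions.

```python
import re

# Constructed PIX 6.x fragments using the thread's interface names and subnets.
# The global address range is an assumed value, not taken from the post.
BEFORE = """
ip address inside 172.20.10.1 255.255.255.0
ip address DMZ-Corporate 172.20.30.1 255.255.255.0
"""
AFTER = BEFORE + """
nat (inside) 1 172.20.10.0 255.255.255.0 0 0
global (DMZ-Corporate) 1 172.20.30.100-172.20.30.200 netmask 255.255.255.0
"""

NAT = re.compile(r"^nat \((\S+?)\) (\d+) ", re.I)
GLOBAL = re.compile(r"^global \((\S+?)\) (\d+) ", re.I)
STATIC = re.compile(r"^static \((\S+?),(\S+?)\) ", re.I)


def translation_rule(config, src, dst):
    """Describe the rule that lets src-initiated traffic reach dst, or return
    None when no translation exists (routes and access-lists alone are not
    enough). Simplification: address matching inside each rule is not checked."""
    src, dst = src.lower(), dst.lower()
    nat_ids, global_ids = set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := NAT.match(line):
            if m.group(1).lower() == src:
                nat_ids.add(int(m.group(2)))
        elif m := GLOBAL.match(line):
            if m.group(1).lower() == dst:
                global_ids.add(int(m.group(2)))
        elif m := STATIC.match(line):
            if (m.group(1).lower(), m.group(2).lower()) == (src, dst):
                return "static"
    if 0 in nat_ids:
        return "nat 0 (no translation)"
    # A nat id only takes effect toward dst if a global with the same id exists there.
    shared = sorted((nat_ids - {0}) & global_ids)
    return f"nat/global id {shared[0]}" if shared else None


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, "->", translation_rule(cfg, "inside", "DMZ-Corporate"))
```

On the firewall itself, a missing pairing typically shows up as syslog message 305005 (No translation group found). Because return traffic for inside-initiated connections is permitted statefully, the ip any any access-list on the DMZ side can be narrowed to the flows actually required once connectivity works.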