Hi,

I have PIX 535 running 6.2(2) with 8 interfaces. The ip at the inside is 172.20.10.0/24 and one of the dmz-corporate is 172.20.30.0/24.

And the PIX interface in the respective networks have ip *.*.*.1.

I can ping from any host or device from these networks to the pix interface. But when it comes to communicate from the inside network to the may be dmz-corporate network, I cannot. I have access-list with ip any any in both directions, and the show route is

dcm-p535-mnpr# sh route

outside 0.0.0.0 0.0.0.0 200.90.134.2 1 OTHER static

FailOver 172.10.9.0 255.255.255.252 172.10.9.1 1 CONNECT static

DMZ-Mon 172.16.15.0 255.255.255.0 172.16.15.1 1 CONNECT static

DMZ-Mon 172.16.16.0 255.255.255.0 172.16.15.5 1 OTHER static

inside 172.20.10.0 255.255.255.0 172.20.10.1 1 CONNECT static

inside NOC-Operators 255.255.255.0 172.20.10.2 1 OTHER static

DMZ-Signaling 172.20.19.0 255.255.255.0 172.20.20.2 1 OTHER static

DMZ-Signaling 172.20.20.0 255.255.255.0 172.20.20.1 1 CONNECT static

DMZ-Corporate 172.20.30.0 255.255.255.0 172.20.30.1 1 CONNECT static

DMZ-Collocation 200.90.128.0 255.255.255.0 200.90.128.1 1 CONNECT static

DMZ-TCI-Services 200.90.132.0 255.255.255.0 200.90.132.1 1 CONNECT static

outside 200.90.134.0 255.255.255.0 200.90.134.1 1 CONNECT static

idcm-p535-mnpr#

What I might be missing. Are the route commands not enough to communicate, from one interface to the other. I am not using any routing between vlans or you can say different subnets on different interfaces.

Appreciate any input. I am not putting the config as it might be big, but if need can send that too.Appreciate your time, and the sooner the better.

Thanks,

Habib