Hi,
I have a PIX 535 running 6.2(2) with 8 interfaces. The IP at the inside is 172.20.10.0/24 and one of the DMZs, dmz-corporate, is 172.20.30.0/24.
The PIX interfaces in the respective networks have IP *.*.*.1.
I can ping from any host or device on these networks to the PIX interface. But when it comes to communicating from the inside network to, maybe, the dmz-corporate network, I cannot. I have an access-list with ip any any in both directions, and the show route is:
dcm-p535-mnpr# sh route
outside 0.0.0.0 0.0.0.0 200.90.134.2 1 OTHER static
FailOver 172.10.9.0 255.255.255.252 172.10.9.1 1 CONNECT static
DMZ-Mon 172.16.15.0 255.255.255.0 172.16.15.1 1 CONNECT static
DMZ-Mon 172.16.16.0 255.255.255.0 172.16.15.5 1 OTHER static
inside 172.20.10.0 255.255.255.0 172.20.10.1 1 CONNECT static
inside NOC-Operators 255.255.255.0 172.20.10.2 1 OTHER static
DMZ-Signaling 172.20.19.0 255.255.255.0 172.20.20.2 1 OTHER static
DMZ-Signaling 172.20.20.0 255.255.255.0 172.20.20.1 1 CONNECT static
DMZ-Corporate 172.20.30.0 255.255.255.0 172.20.30.1 1 CONNECT static
DMZ-Collocation 200.90.128.0 255.255.255.0 200.90.128.1 1 CONNECT static
DMZ-TCI-Services 200.90.132.0 255.255.255.0 200.90.132.1 1 CONNECT static
outside 200.90.134.0 255.255.255.0 200.90.134.1 1 CONNECT static
idcm-p535-mnpr#
What might I be missing? Are the route commands not enough to communicate from one interface to the other? I am not using any routing between VLANs, or you can say different subnets on different interfaces.
Appreciate any input. I am not posting the config as it might be big, but if needed I can send that too. Appreciate your time, and the sooner the better.
Thanks,
Habib