I am attempting to set up a new interface on our PIX 525E so that we can replicate data over it for a disaster recovery site.

Internal addresses: 10.0.0.0 255.0.0.0

DR Site addresses: 192.168.0.0 255.255.255.0

External address: aaa.bbb.ccc.xxx (for privacy)

I've gone through the steps listed for configuring a PIX with multiple interfaces with NAT and PAT, but the traffic still isn't flowing.

We use VLANs on the internal network, but I don't think they affect the firewall or its interfaces.

Here's the config:

PIX Version 6.3(3)

interface ethernet0 auto

interface ethernet1 auto

interface ethernet2 auto

interface ethernet3 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 dmz security4

nameif ethernet3 DRSite security90

hostname FIREWALL

domain-name xxxxxxx.com

names

name 10.0.0.26 neoteris

name 10.0.0.24 FP02

name 10.0.0.60 exchange

name 10.0.0.31 citrix

access-list dmz_access_in permit tcp any host aaa.bbb.ccc.106 eq citrix-ica

access-list dmz_access_in permit tcp any host aaa.bbb.ccc.105 eq smtp

access-list outside_access_in permit tcp any host aaa.bbb.ccc.106 eq citrix-ica

access-list outside_access_in permit tcp any host aaa.bbb.ccc.106 eq www

access-list outside_access_in permit tcp any host aaa.bbb.ccc.107 eq www

access-list outside_access_in permit tcp any host aaa.bbb.ccc.106 eq https

access-list outside_access_in permit tcp any host aaa.bbb.ccc.107 eq https

access-list outside_access_in permit tcp any host aaa.bbb.ccc.105 eq smtp

access-list outside_access_in permit icmp any any

access-list inside_access_in permit tcp any any

access-list inside_access_in permit ip any any

access-list dmz_outbound_nat0_acl permit ip any any

access-list inside_outbound_nat0_acl permit ip 10.0.0.0 255.0.0.0 192.168.0.0 255.255.255.0

access-list DRSite_access_in permit tcp any any

access-list DRSite_access_in permit udp any any

access-list DRSite_access_in permit ip any any

access-list DRSite_access_in permit icmp any any

mtu outside 1500

mtu inside 1500

mtu dmz 1500

mtu DRSite 1500

ip address outside aaa.bbb.ccc.2 255.255.255.0

ip address inside 10.255.0.254 255.255.255.0

ip address dmz 38.112.5.138 255.255.255.252

ip address DRSite 192.168.0.1 255.255.255.0

ip verify reverse-path interface outside

pdm location citrix 255.255.255.255 inside

pdm location exchange 255.255.255.255 inside

pdm location FP02 255.255.255.255 inside

pdm location 10.0.0.0 255.255.0.0 inside

pdm location 10.3.0.0 255.255.224.0 inside

pdm location 10.0.0.0 255.0.0.0 inside

pdm location 192.168.0.0 255.255.0.0 DRSite

pdm location 192.168.0.2 255.255.255.255 DRSite

pdm history enable

arp timeout 14400

global (outside) 1 interface

global (dmz) 1 interface

global (DRSite) 1 192.168.0.2-192.168.0.200

nat (inside) 0 access-list inside_outbound_nat0_acl

nat (inside) 1 10.0.0.0 255.0.0.0 0 0

nat (dmz) 0 access-list dmz_outbound_nat0_acl

nat (DRSite) 1 192.168.0.0 255.255.255.0 0 0

static (inside,dmz) aaa.bbb.ccc.107 neoteris netmask 255.255.255.255 0 0

static (inside,outside) aaa.bbb.ccc.107 neoteris netmask 255.255.255.255 0 0

static (inside,outside) aaa.bbb.ccc.108 exchange netmask 255.255.255.255 0 0

static (inside,outside) aaa.bbb.ccc.105 exchange netmask 255.255.255.255 0 0

static (inside,outside) aaa.bbb.ccc.106 citrix netmask 255.255.255.255 0 0

static (inside,dmz) aaa.bbb.ccc.106 citrix netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

access-group dmz_access_in in interface dmz

access-group DRSite_access_in in interface DRSite

route outside 0.0.0.0 0.0.0.0 aaa.bbb.ccc.1 1

route inside 10.0.0.0 255.0.0.0 10.255.0.1 1

route DRSite 192.168.0.0 255.255.0.0 192.168.0.1 1

ntp server 192.5.41.40 source outside prefer