Below is config for my pix I'm working with. However, I can't connect to FTP from the inside when allowing FTP ports both TCP and UDP. However, when I allow all ports (i.e. permit IP any any) it works fine. What gives?
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
ip address outside 18.104.22.168 255.255.255.0
ip address inside 192.168.1.253 255.255.255.0
ip address dmz 10.0.0.1 255.255.255.0
global (outside) 1 22.214.171.124-126.96.36.199 netmask 255.255.255.0
global (outside) 1 188.8.131.52 netmask 255.255.255.255
see NATing from DMZ to outside will requires only if you want to access outside i.e. internet from DMZ interface.if u want to give access to ftp server on DMZ from outside then combination of static and access-list commands is absolutely fine.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...