I am configuring a PIX 515e Software Version 6.1(4) and would like to give access to all traffic accessing the DMZ. I thought this would work: ("dmz" is the interface name)
access-list acl_dmz permit ip any any
access-group acl_dmz in interface dmz
I still cannot ping the interface or any hosts on the subnet. It obviosly does not work like the "inside" interface.
I realize I am attempting to open the interface completely - I want to get our sustem back up and work from there. After re-establishing connectivity, I will be configuring a VPN tunnel to another new PIX at a remote site. From there I will start closing things down.
I was hoping the configuration was as quick and easy as opening up the other interfaces...
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...