Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
646
Views
0
Helpful
2
Replies

PIX 535 connectivity issue

habibd
Level 1
Level 1

‎11-09-2002 02:53 PM - edited ‎02-20-2020 10:21 PM

Hi,

I have pix 535 with 6.2(2). I have the inside with address as 172.20.10.0/24, with 172.20.10.1 as the pix interface. One of the DMZ's that is DMZ-corporate, with network 172.20.30.0/24, and 172.20.30.1 as the pix interface address.

I have configured the route command, the output of show route

idcm-p535-mnpr# sh route

outside 0.0.0.0 0.0.0.0 200.90.134.2 1 OTHER static

FailOver 172.10.9.0 255.255.255.252 172.10.9.1 1 CONNECT static

DMZ-Mon 172.16.15.0 255.255.255.0 172.16.15.1 1 CONNECT static

DMZ-Mon 172.16.16.0 255.255.255.0 172.16.15.5 1 OTHER static

inside 172.20.10.0 255.255.255.0 172.20.10.1 1 CONNECT static

inside NOC-Operators 255.255.255.0 172.20.10.2 1 OTHER static

DMZ-Signaling 172.20.19.0 255.255.255.0 172.20.20.2 1 OTHER static

DMZ-Signaling 172.20.20.0 255.255.255.0 172.20.20.1 1 CONNECT static

DMZ-Corporate 172.20.30.0 255.255.255.0 172.20.30.1 1 CONNECT static

DMZ-Collocation 200.90.128.0 255.255.255.0 200.90.128.1 1 CONNECT static

DMZ-TCI-Services 200.90.132.0 255.255.255.0 200.90.132.1 1 CONNECT static

I am not able to communicate either from 172.20.10.0 network to 172.20.30.0 n/w or vise versa.

What am I missing. I have the pix as the default gateway on the devices in the respective networks.

Appreciate comments.

Thanks,

Habib

0 Helpful
2 Replies 2

Nairi Adamian
Cisco Employee
Cisco Employee

‎11-10-2002 04:04 PM

To enable connectivity from inside to dmz, you also need to have nat (inside) and global (dmz) commands configured.

http://www.cisco.com/warp/public/707/28.html#topic1

hope this helps,

~Nairi

0 Helpful

habibd
Level 1
Level 1
In response to Nairi Adamian

‎11-11-2002 06:47 AM

Hi Nairi,

Thanks for the info.

One clarification, so to communicate from a higher security to a lower security interface you require NAT. And for Communicating from lower security to higher security interface you require some sort of translation. This translation is it only static translation only or I can use something else.

What my concern is, I was thinking that if I have a route on the PIX to various network and when a packet comes from one network to go to the other, the routes are not enough and you require some translation.

Appreciate your clarification.

Thanks,

Habib Dashti

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card