I have a customer with a PIX 515E which I recently configured using a combination of access lists and conduits. The customer has an unusual request. From the inside interface I can access the DMZ OK, and from the outside I can access the DMZ as well. The customer wants the ability to access the inside from the DMZ. I believe that this cannot be done, as I have tried conduits and access lists with no success. In addition, I do not think this to be a good idea given the risks involved with access from a DMZ to an inside interface. Your thoughts?
I don't see why you would use access-lists and conduits simultaneously, but either way, since the DMZ has lower security than the inside, you would apply an access-list on the DMZ interface specifying the services needed to enter the inside, just like you would for outside to DMZ. You would also need static mappings to the inside hosts that need to be accessed. But I would not allow the entire inside to be accessed by the DMZ.
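A sketch of the setup the reply above describes, added here as an example and not taken from the thread or the customer's configuration: PIX 6.x-style commands with a static for one inside host and an access-list bound to the DMZ interface. The interface names, all addresses, the ACL name `acl_dmz` and the permitted service (TCP 1433) are constructed for illustration.

```cisco
: Constructed example. Assumed layout: inside = 10.1.1.0/24 (security100),
: dmz = 192.168.50.0/24 (security50).

: Identity static: expose exactly one inside host to the DMZ under its own
: address. Hosts without a static stay unreachable from the DMZ.
static (inside,dmz) 10.1.1.20 10.1.1.20 netmask 255.255.255.255

: Permit only the one service needed, from one DMZ host to that one inside host.
access-list acl_dmz permit tcp host 192.168.50.10 host 10.1.1.20 eq 1433

: Explicitly drop everything else from the DMZ to the inside network.
access-list acl_dmz deny ip any 10.1.1.0 255.255.255.0

: Once an ACL is bound to the dmz interface, its implicit deny also covers
: DMZ-to-outside traffic that was previously allowed by security level,
: so that traffic has to be permitted explicitly if it is still required.
access-list acl_dmz permit ip 192.168.50.0 255.255.255.0 any

: Bind the ACL to traffic entering the PIX on the dmz interface.
access-group acl_dmz in interface dmz
```

The deny line is placed before the broad permit so that the only path from the DMZ into the inside network is the single host-and-port entry above it.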
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...