Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member


I have a customer with a PIX 515E which I recently configured using a combination of access lists and conduits. The customer has an unusual request. From the inside interface I can access the DMZ ok, and from the outside I can access the DMz as well. The customer wants the ability to access the inside from the DMZ. I beleive that this cannot be done as I have tried conduit and access-lists with no sucess. In addition, I do not think this to be a good idea given the risks involved with access from a DMZ to an inside interface. Your thoughs ?

Community Member

Re: Pix515e

I don't see why you would use access-list and conduits simultaneously, but either way since the dmz has lower security than the inside you would apply an access-list on the dmz interface specifying the services needed to enter the inside, just like you would for outside to dmz. You would also need static mappings to the inside hosts that need to be accessed. But I would not allow the entire inside to be accessed by the dmz.

CreatePlease to create content