This one (and a bit of testing with ACLs) seemed to do the trick ....
thanks to everyone that replied. I still don't really see the logic behind
it (I tried exactly the same statement, but with the genuine subnets of
the dmz & internal instead of both being the internal subnet), but as long
as it's working I don't mind :)
I know that the config is a bit of a mess, I inherited it from a past
employee ... I'll get around to fixing it one day. I have a vague plan to
upgrade to 7.0 and rewrite the config from scratch - but of course,
difficult to do on a production system.
Once again, thanks.
Regards,
Chris Mitchell
> I would simply configure the internal subnet to map to the DMZ with no
> address translation. So, using "static (internal,dmz) 10.133.24.0
> 10.133.24.0 netmask 255.255.255.0" would allow the computer at
> 10.134.1.2 to simply access 10.133.24.3 directly.
>
>
> --
> John
>
>
> -----Original Message-----
> From: Chris Mitchell
>
> PIX newbie here, not really a firewall guy but need to get some stuff
> done with it, and am pretty good at basic configs. I have a 515E with 3
> interfaces (inside, outside, DMZ)- I need to allow access from a host in
> the DMZ to an internal host.
>
> DMZ host - 10.134.1.2
> Internal host - 10.133.24.3
>
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
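
The identity static and ACL discussed in this thread, narrowed to the two hosts named in it. This is an added example, not part of the original messages and not the poster's actual configuration. It assumes PIX 6.x syntax and interface names `inside` and `dmz` (the thread uses both "inside" and "internal"); the ACL name `dmz_in` is hypothetical and `<port>` is a placeholder for the service actually required.

```cisco
: Assumed interface names: inside (higher security), dmz (lower security).
: Identity static for the single internal host only, so the DMZ can
: address 10.133.24.3 by its real IP without exposing the whole /24.
static (inside,dmz) 10.133.24.3 10.133.24.3 netmask 255.255.255.255

: Hypothetical ACL name dmz_in; <port> is a placeholder for the one
: service the DMZ host needs. Anything not permitted here is dropped
: by the implicit deny at the end of the ACL.
access-list dmz_in permit tcp host 10.134.1.2 host 10.133.24.3 eq <port>

: Apply the ACL to traffic arriving on the dmz interface.
access-group dmz_in in interface dmz
```

An interface takes a single inbound ACL, and once one is applied its implicit deny covers all traffic entering from the DMZ, including DMZ-to-outside flows, so any existing permits belong in the same ACL.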