[c-nsp] PIX route problems

Ted Mittelstaedt tedm at toybox.placo.com
Sun Jan 2 17:22:46 EST 2005



> -----Original Message-----
> From: Marr, Joe [mailto:jmarr at brodart.com]
> Sent: Sunday, January 02, 2005 7:21 AM
> To: Ted Mittelstaedt; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] PIX route problems
> 
> 
> interface ethernet0 100full
> interface ethernet1 100full
> interface ethernet2 100full
> interface ethernet2 vlan55 logical
> 
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 dmz security50
> nameif vlan55 vpn security25
> 
> global (outside) 1 interface
> global (dmz) 1 interface
> nat (inside) 0 access-list 101
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> nat (dmz) 1 10.101.0.0 255.255.255.0 0 0
> nat (vpn) 0 access-list 103
> nat (vpn) 1 10.50.1.28 255.255.255.252 0 0
> 
> The DMZ is 10.net, with static static nat going to the outside and no
> natting going inside.
>

Are you sure that from the inside that the dmz doesen't appear natted?
Why is that global (dmz) statement there?

What are the contents of access-list 101 and 103?

Ted



More information about the cisco-nsp mailing list