Hi

I have got a PIX firewall with outiside,inside 2 subnets( 192.168.128.0 255.255.252.0 & 192.168.136.0 255.255.248.0)

and DMZ (192.168.132.0 255.255.254.0 ). Below are my config's for the same...please lemme know if it is right...the inside users need to communicate with DMZ and vise versa,as well as outside..Dmz also needs to access the inside & outside users .and outside needs to communicate with inside & DMZ...

--------------

nameif ethernet0 outside security0

nameif ethernet1 inside security100

nameif ethernet2 outstation security50

enable password cisco encrypted

passwd Infy encrypted

hostname Firewall

domain-name cisco.com

!

!

interface ethernet0 100full

interface ethernet1 100full

interface ethernet2 100full

interface ethernet3 shutdown

interface ethernet4 shutdown

interface ethernet5 shutdown

!

ip address outside X.X.X.X 255.255.255.248

ip address inside 192.168.130.2 255.255.255.240

ip address Dmz 192.168.132.1 255.255.255.240

!

pdm history disable

arp timeout 14400

!

global (outside) 1 X.X.X.X X.X.X.X

nat (inside) 1 192.168.128.0 255.255.252.0

nat (inside) 1 192.168.136.0 255.255.248.0

nat (dmz) 1 192.168.132.0 255.255.252.0

global (dmz) 1 192.168.132.10-192.168.132.20 or instead of this line i can use the below two lines right for inside to DMZ

----------------------------------------------------------------------------

static (inside,dmz) 192.168.128.0 192.168.128.0 netmask 255.255.252.0

static (inside,dmz) 192.168.136.0 192.168.136.0 netmask 255.255.248.0

----------------------------------------------------------------------------

access-group acl_in in interface outside

access-list acl_in permit ip any DMZ Web server eq 80

route outside 0.0.0.0 0.0.0.0 x.x.x.x

route inside 192.168.128.0 255.255.255.0 192.168.130.1

thanks

Nagu