Hi
I have a PIX firewall with outside, inside (2 subnets: 192.168.128.0 255.255.252.0 and 192.168.136.0 255.255.248.0)
and DMZ (192.168.132.0 255.255.254.0). Below is my config for the same. Please let me know if it is right. The inside users need to communicate with the DMZ and vice versa, as well as with outside. The DMZ also needs to access the inside and outside users, and outside needs to communicate with inside and the DMZ.
--------------
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 outstation security50
enable password cisco encrypted
passwd Infy encrypted
hostname Firewall
domain-name cisco.com
!
!
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
interface ethernet3 shutdown
interface ethernet4 shutdown
interface ethernet5 shutdown
!
ip address outside X.X.X.X 255.255.255.248
ip address inside 192.168.130.2 255.255.255.240
ip address Dmz 192.168.132.1 255.255.255.240
!
pdm history disable
arp timeout 14400
!
global (outside) 1 X.X.X.X X.X.X.X
nat (inside) 1 192.168.128.0 255.255.252.0
nat (inside) 1 192.168.136.0 255.255.248.0
nat (dmz) 1 192.168.132.0 255.255.252.0
global (dmz) 1 192.168.132.10-192.168.132.20
Or, instead of this line, I can use the two lines below for inside to DMZ, right?
----------------------------------------------------------------------------
static (inside,dmz) 192.168.128.0 192.168.128.0 netmask 255.255.252.0
static (inside,dmz) 192.168.136.0 192.168.136.0 netmask 255.255.248.0
----------------------------------------------------------------------------
access-group acl_in in interface outside
access-list acl_in permit ip any DMZ Web server eq 80
route outside 0.0.0.0 0.0.0.0 x.x.x.x
route inside 192.168.128.0 255.255.255.0 192.168.130.1
thanks
Nagu
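
An added example, not part of the original post: a Python check (standard `ipaddress` module) that compares the subnets stated in the prose with the `ip address`, `nat` and `route` lines of the posted config. The `audit` helper and its handling of only those three commands are assumptions made for this example.

```python
import ipaddress

# Address plan as stated in the post's prose.
STATED = {
    "inside": ["192.168.128.0/255.255.252.0", "192.168.136.0/255.255.248.0"],
    "dmz": ["192.168.132.0/255.255.254.0"],
}

# Lines copied from the posted config that carry private addresses.
CONFIG = """\
ip address inside 192.168.130.2 255.255.255.240
ip address Dmz 192.168.132.1 255.255.255.240
nat (inside) 1 192.168.128.0 255.255.252.0
nat (inside) 1 192.168.136.0 255.255.248.0
nat (dmz) 1 192.168.132.0 255.255.252.0
route inside 192.168.128.0 255.255.255.0 192.168.130.1
"""


def net(addr, mask, strict=True):
    """Build a network from dotted address and mask; strict rejects host bits."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=strict)


def audit(config=CONFIG, stated=STATED):
    """Return findings where the stated subnets and the config lines disagree."""
    connected, nats, routes = {}, {}, {}
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["ip", "address"]:  # ip address <if> <addr> <mask>
            connected[tok[2].lower()] = net(tok[3], tok[4], strict=False)
        elif tok[0] == "nat":  # nat (<if>) <id> <net> <mask>
            nats.setdefault(tok[1].strip("()").lower(), []).append(net(tok[3], tok[4]))
        elif tok[0] == "route":  # route <if> <net> <mask> <gateway>
            routes.setdefault(tok[1].lower(), []).append(net(tok[2], tok[3]))
    findings = []
    for ifc, subnets in stated.items():
        for s in map(ipaddress.ip_network, subnets):
            if s not in nats.get(ifc, []):
                findings.append(f"{ifc}: stated {s} has no nat line with the same mask")
            reachable = [connected[ifc]] + routes.get(ifc, [])
            if not any(s.subnet_of(r) for r in reachable):
                findings.append(f"{ifc}: stated {s} is not fully covered by the connected network or a route")
    return findings


if __name__ == "__main__":
    print("\n".join(audit()))
```

Each finding names a stated subnet whose mask differs from the matching `nat` line, or that is wider than both the interface's connected network and every `route` entry for that interface.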