thanks paul, i appreciate all your help.

thanks

Paul - I have one more request to make. I also want to open port 554 & 1755 on this server on the DMZ. I want to be able to get to my server from the public side.

Here is the statemenet i had and it does not work:

access-list acl_out permit tcp any host 68.16.128.2 eq 554

access-list acl_out permit tcp any host 68.16.128.2 eq 1755

please help

Hi

Just add these two lines to the configuration..it should work.

static (dmz,outside) tcp interface 554 172.16.128.5 554 netmask 255.255.255.255

static (dmz,outside) tcp interface 1755 172.16.128.5 1755 netmask 255.255.255.255

Ashish

Thanks, I will let you know if it works. I am still new at this and just trying to get my way around it.

One more question, i would also like to allow Remote Admin from the Inside to the DMZ which mean i want to be able to remote desktop into this machine from the inside to DMZ.

Thanks

hi

As in the configuration you have already bypassed NAT between inside and dmz no extra configurartion is required.You will be able to login to your server through remote admin.

ashish

just an add-on.

pix be default permits traffic from higher security level to lower security level providing proper nat/global/static is configured.

inside interface default security level is 100;

outside interface default security level is 0;

dmz interface security level is any number in between.

so, the traffic originated from inside and destined for dmz/outside will be permitted by default by pix.