Cisco PIX... address transform...


Wonder if someone can point me in the right direction...? I have a PIX 515E that I'm using as an internal firewall in a classic internet | firewall | dmz | firewall | internal LAN config.

the inside (internal lan) interface address is and the outside (dmz) address is There are several hosts within the DMZ (,, etc).

Now what I want to do is reference a DMZ host (say using an inside network IP address ( say) - so that an internally connected PC can ping the DMZ host using the address.

I've issued the command "static (inside, outside)"

Then ACLed to allow "icmp any" to the DMZ host ( However, its not working? Can anyone give me any pointers to what is wrong here?

Any help greatly appreciated!



Reply to
Loading thread data ...

Shouldn't this be reversed? Try "static (inside, outside) 10.156.140 netmask"


Reply to


Your Network Setup ==============

DMZ ---(outside) Firewall (inside) --- LAN

Syntax of STATIC Command.

------------------------------------------ Pix(confif)# static [(Internal interface name, external interface name)]

Pix(confif)# static (inside, outside)

By default pix will permit traffice from Inside to outside , but outside to inside is denied by default. Make sure stateful feature is running so that when ping ECHO request and ECHO reply are passing through the pix.

Pls try this and let me know..

regards, dab.

Reply to
dabance Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.