In article , Network-Guy wrote: :I'm trying to setup my PIX to allow access from a lower security level :DMZ to a higher security level DMZ.
:I have created the ACL's, but so far have not had any luck.
:Do I need a route statement or a static mapping between the DMZ's in :order to get this to work?
The usual rules for "lower security to higher security" apply: acl on the lower security interface plus a static mapping between the two interfaces. The static mapping can be a "static" statement or it can be a nat (HIGHERSECURITYDMZ) 0 access-list ACLNAME (in which case proxy arp will be disabled.)