inside,dmz static

I'm trying to set up a static that will allow everything in my dmz (let's say) 172.23.0.0 access my inside range 172.22.0.0 . The problem is without the static the dmz can't find the 172.22. and I need this for a spam firewall plugin.

erik

In article , erik wrote:
:I'm trying to set up a static that will allow everything in my dmz (let's
:say) 172.23.0.0 access my inside range 172.22.0.0 . The problem is
:without the static the dmz can't find the 172.22. and I need this for a
:spam firewall plugin.

I suspect you don't really want -all- of your inside reachable, but anyhow.

You have two choices:

A) static (inside,dmz) 172.22.0.0 172.22.0.0 netmask 255.255.0.0

B) access-list nonat permit ip 172.22.0.0 255.255.0.0 172.23.0.0 255.255.0.0
   nat (inside) 0 access-list nonat

Yes, the second one is in the form of a 'nat' but it effectively does a static as well.

The main difference between the two is that proxy arp will not be active for the second of these, so your dmz hosts would have to know to use the PIX as their default gateway (which you probably already have set up... it's an issue that comes up more with routers.)

Walter Roberson
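
Added example (not part of the thread or either poster's configuration): option A narrowed to one inside host, together with the dmz-interface ACL that a PIX needs before dmz hosts can open connections toward a higher-security interface. The two host addresses, the ACL name dmz_in and TCP port 25 are assumptions, since the thread does not say what the spam firewall plugin talks to.

```cisco
: Added example in PIX 6.x-style syntax. 172.22.0.25, 172.23.0.10, the
: ACL name "dmz_in" and TCP port 25 are assumed values, not from the thread.
:
: Broad form from the reply (every inside address is translated toward the dmz):
:   static (inside,dmz) 172.22.0.0 172.22.0.0 netmask 255.255.0.0
:
: Narrower form: identity-translate only the inside server the dmz needs.
static (inside,dmz) 172.22.0.25 172.22.0.25 netmask 255.255.255.255
:
: The translation alone does not permit dmz-to-inside connections
: (lower to higher security level); an ACL bound to the dmz interface must.
access-list dmz_in permit tcp host 172.23.0.10 host 172.22.0.25 eq 25
access-group dmz_in in interface dmz
```

Once dmz_in is bound to the interface, its implicit deny also applies to dmz traffic headed for lower-security interfaces, so it needs permit lines for any outbound flows the dmz hosts still require.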
