Issue going from INSIDE to DMZ

Why when I add the line:
static (dmz,inside) 10.200.1.0 10.200.1.0 netmask 255.255.255.0 0 0
do I lose my alias workings?

dmz: 10.200.1.x
inside: 172.16.1.x
outside: 63.174.x.x

At the moment from INSIDE I can't access the DMZ via the 10.200.1.x address. When I add the static line above I CAN access the DMZ via the 10.200.1.x address but I lose the ability to use my aliases...

My aliases look like: alias (inside) 63.174.xxx.xxxx 10.200.1.25 255.255.255.255

I currently have: static (inside,dmz) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0 which lets me go from DMZ to INSIDE... but I also want to go the other way.

Thoughts?

Matt

In article , Matt wrote:
:Why when I add the line:
:static (dmz,inside) 10.200.1.0 10.200.1.0 netmask 255.255.255.0 0 0
:do I lose my alias workings?

The PIX 6.x documentation does not define the relative priorities of the 'alias' and 'static' commands, so what you are trying to do has undefined results.

:dmz: 10.200.1.x
:inside: 172.16.1.x
:outside: 63.174.x.x

:At the moment from INSIDE I can't access the DMZ via the 10.200.1.x address.

You should not need any configuration to allow that access. Something else in your configuration is interfering.

:I currently have:
:static (inside,dmz) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0
:which lets me go from DMZ to INSIDE... but I also want to go the other way.

Have you considered

access-list nonat permit ip 172.16.1.0 255.255.255.0 10.200.1.0 255.255.255.0
nat (inside) 0 access-list nonat

and drop the statics?

:My aliases look like: alias (inside) 63.174.xxx.xxxx 10.200.1.25 255.255.255.255

access-list nonat deny ip 172.16.1.0 255.255.255.0 host 10.200.1.25
access-list nonat permit ip 172.16.1.0 255.255.255.0 10.200.1.0 255.255.255.0
nat (inside) 0 access-list nonat
static (inside,dmz) 63.174.xxx.xxxx 10.200.1.25 netmask 255.255.255.255

Walter Roberson
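
The conflict discussed in this thread, as an added example that is not part of either post: a small Python lint that reads PIX 6.x style configuration lines and reports every alias whose addresses fall inside a static on the same interface, the combination the reply describes as having undefined results. The function name, the sample configuration and the 192.0.2.25 stand-in for the elided 63.174 address are constructed for this example.

```python
import ipaddress
import re

# Constructed sample in PIX 6.x syntax, modelled on the thread; 192.0.2.25 is a
# documentation address standing in for the elided 63.174.x.x public address.
SAMPLE_CONFIG = """\
static (inside,dmz) 172.16.1.0 172.16.1.0 netmask 255.255.255.0 0 0
static (dmz,inside) 10.200.1.0 10.200.1.0 netmask 255.255.255.0 0 0
alias (inside) 192.0.2.25 10.200.1.25 255.255.255.255
"""

# Only address-based forms are matched; port-redirect statics are ignored.
ALIAS_RE = re.compile(r"^alias \((\w+)\) ([\d.]+) ([\d.]+)(?: ([\d.]+))?")
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) ([\d.]+) ([\d.]+)(?: netmask ([\d.]+))?")


def _net(addr, mask):
    # A missing mask is treated as a host entry (assumption made by this example).
    return ipaddress.ip_network(f"{addr}/{mask or '255.255.255.255'}", strict=False)


def find_alias_static_overlaps(config):
    """Return (alias_line, static_line) pairs that share an interface and
    whose address ranges overlap, so both commands claim the same traffic."""
    aliases, statics = [], []
    for line in (raw.strip() for raw in config.splitlines()):
        m = ALIAS_RE.match(line)
        if m:
            ifc, a, b, mask = m.groups()
            aliases.append((line, ifc, [_net(a, mask), _net(b, mask)]))
            continue
        m = STATIC_RE.match(line)
        if m:
            if1, if2, a, b, mask = m.groups()
            statics.append((line, {if1, if2}, [_net(a, mask), _net(b, mask)]))
    hits = []
    for a_line, a_ifc, a_nets in aliases:
        for s_line, s_ifcs, s_nets in statics:
            if a_ifc in s_ifcs and any(x.overlaps(y) for x in a_nets for y in s_nets):
                hits.append((a_line, s_line))
    return hits


if __name__ == "__main__":
    for alias_line, static_line in find_alias_static_overlaps(SAMPLE_CONFIG):
        print(f"overlap:\n  {alias_line}\n  {static_line}")
```

On the sample, only the (dmz,inside) static is reported against the alias; the (inside,dmz) static for 172.16.1.0 shares the interface but not the addresses, which matches the behaviour described in the question.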
