Hi,
I have the following PIX configuration:
interface e0
 nameif outside
 security-level 0
 ip address 1.1.1.1
interface e1
 nameif dmz
 security-level 50
 ip address 2.2.2.1
interface e2
 nameif inside
 security-level 100
 ip address 3.3.3.1
access-list dmz-in permit tcp host 2.2.2.50 host 3.3.3.50 eq 514
access-group dmz-in in interface dmz
static (dmz,outside) 2.2.2.0 2.2.2.0 netmask 255.255.255.0
static (inside,dmz) 2.2.2.0 2.2.2.0 netmask 255.255.255.0
- access-list needs to be implemented from dmz to inside
- the hosts behind dmz need to be able to go to the internet
My question is:
Because the dmz has a higher security level than outside, with the static implemented, will it be able to go to the internet, even though there are access-lists applied on the dmz interface? Thanks.
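
Added example, not part of the original post: a small Python model of how an inbound access-list on the dmz interface interacts with security levels, run against the posted dmz-in entry. It assumes first-match evaluation with the implicit deny that ends every access-list, ignores NAT/static translation, and uses a constructed internet host (198.51.100.10), an assumed /24 mask for 3.3.3.0, and a hypothetical EXTENDED list.

```python
import ipaddress

# Security levels taken from the posted configuration.
LEVELS = {"outside": 0, "dmz": 50, "inside": 100}

def ace(action, proto, src, dst, port=None):
    """Build one access-list entry; src and dst are CIDR strings."""
    return (action, proto, ipaddress.ip_network(src),
            ipaddress.ip_network(dst), port)

# The dmz-in list exactly as posted (a single permit entry).
POSTED = [ace("permit", "tcp", "2.2.2.50/32", "3.3.3.50/32", 514)]

# Hypothetical extension (assumption, not from the post): keep the syslog
# permit, block everything else toward inside, then allow the dmz outbound.
EXTENDED = POSTED + [
    ace("deny", "ip", "0.0.0.0/0", "3.3.3.0/24"),
    ace("permit", "ip", "2.2.2.0/24", "0.0.0.0/0"),
]

def decide(in_if, out_if, proto, src, dst, port, acl=None):
    """Return (verdict, reason) for a new connection entering in_if."""
    if acl is not None:
        # An access-group is bound inbound: only the list decides.
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for action, a_proto, a_src, a_dst, a_port in acl:
            if (a_proto in ("ip", proto) and s in a_src and d in a_dst
                    and a_port in (None, port)):
                return action, "matched ACE"
        return "deny", "implicit deny at end of ACL"
    # No list bound: the security-level default applies.
    if LEVELS[in_if] > LEVELS[out_if]:
        return "permit", "no ACL: higher to lower security level"
    return "deny", "no ACL: lower to higher security level"

if __name__ == "__main__":
    web = ("dmz", "outside", "tcp", "2.2.2.50", "198.51.100.10", 80)
    syslog = ("dmz", "inside", "tcp", "2.2.2.50", "3.3.3.50", 514)
    for name, acl in (("none", None), ("posted", POSTED), ("extended", EXTENDED)):
        print(name, "web:", decide(*web, acl=acl), "syslog:", decide(*syslog, acl=acl))
```
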