PIX dropping traffic

I am setting up a pair of PIX 506e with a DMZ between them. I am having a problem getting traffic from my DMZ into the LAN. For testing I have put a test ACL in to permit anything, but it's still giving me issues. The outside PIX is doing the NAT/PAT and this one is doing the SNAT. When I do show access-list I can see the hits incrementing on the test ACL, but I still cannot get a response from my pings. Does this ring a bell with anyone? Here is the config from the inside PIX.

interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname inside
clock timezone EST -5
clock summer-time EDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list test permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside DMZ.110 255.255.255.240
ip address inside LAN.5 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
static (inside,outside) LAN_IP.2 DMZ_IP.100 netmask 255.255.255.255 0 0
static (inside,outside) LAN_IP.4 DMZ_IP.101 netmask 255.255.255.255 0 0
static (inside,outside) LAN_IP.209 DMZ_IP.102 netmask 255.255.255.255 0 0
static (inside,outside) LAN_IP.247 DMZ_IP.103 netmask 255.255.255.255 0 0
static (inside,outside) LAN_IP.248 DMZ_IP.104 netmask 255.255.255.255 0 0
static (inside,outside) LAN_IP.10 DMZ_IP.106 netmask 255.255.255.255 0 0
access-group test in interface outside
route outside 0.0.0.0 0.0.0.0 DMZ_IP.97 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa-server partnerauth protocol radius
aaa-server partnerauth max-failed-attempts 3
aaa-server partnerauth deadtime 10
ntp server 209.198.87.41 source outside
floodguard enable
console timeout 10
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
banner motd This is a private system...begone!
Reply to
snizfast

Thanks for your reply, and that was it. I was also unable to ping anything on my LAN, but I added a static map for all of those addresses, which took care of that.

Reply to
snizfast

In article , wrote:
:I am setting up a pair of PIX 506e with a DMZ between them.

That isn't a standard phrasing; when I first read your posting I thought you meant VPN between them. DMZ would normally refer to additional (3rd and onward) interfaces.

:I am having a problem getting traffic from my DMZ into the LAN. For testing
:I have put a test ACL in to permit anything, but it's still giving me
:issues. The outside PIX is doing the NAT/PAT and this one is doing the
:SNAT. When I do show access-list I can see the hits incrementing on
:the test ACL, but I still cannot get a response from my pings.

:access-list test permit ip any any

:ip address outside DMZ.110 255.255.255.240
:ip address inside LAN.5 255.255.255.0

:static (inside,outside) LAN_IP.2 DMZ_IP.100 netmask 255.255.255.255 0 0

static (inside,outside) DMZ_IP.100 LAN_IP.2 netmask 255.255.255.255 0 0

When you construct a 'static' statement, you have two interfaces listed, and then two IPs. The IP that you list first is for the *second* interface, and the IP that you list second is for the *first* interface. [No, I don't know why they choose that order...]
Reply to
Walter Roberson
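The argument-order trap Walter describes is easy to catch mechanically: for `static (real_ifc,mapped_ifc) mapped_ip real_ip`, the first address has to sit on the subnet of the second interface named, and the second address on the subnet of the first. The script below is an added example, written for this page and not posted by anyone in the thread; it builds an interface table from the `ip address` lines of a PIX 6.x config, flags every `static` whose two addresses are on the wrong sides, and offers the swapped form. The sample config is constructed: 192.0.2.96/28 stands in for the DMZ subnet and 10.0.0.0/24 for the LAN, and the check assumes the mapped address lies in the mapped interface's directly connected subnet, as it does in the poster's config (DMZ_IP.10x inside the /28 that holds DMZ.110).

```python
"""Check PIX 6.x 'static' statements against the interface addressing.

PIX 6.x syntax is:

    static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask

so the first IP must live on the SECOND interface listed and the second IP on
the FIRST.  Any static whose addresses sit on the wrong subnets is reported
together with the swapped form.
"""
import ipaddress
import re

IPADDR_RE = re.compile(r"^ip address\s+(\S+)\s+(\S+)\s+(\S+)$")
STATIC_RE = re.compile(
    r"^static\s+\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)"
    r"(\s+\d+\s+\d+)?$"
)

# Constructed sample, not the poster's real addressing: 192.0.2.96/28 stands in
# for the DMZ and 10.0.0.0/24 for the LAN.  The first static has its addresses
# in the order the original poster used; the second is in the correct order.
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 192.0.2.110 255.255.255.240
ip address inside 10.0.0.5 255.255.255.0
static (inside,outside) 10.0.0.2 192.0.2.100 netmask 255.255.255.255 0 0
static (inside,outside) 192.0.2.101 10.0.0.4 netmask 255.255.255.255 0 0
"""


def parse_interfaces(config):
    """Map interface name -> IPv4Interface from the 'ip address' lines."""
    ifaces = {}
    for line in config.splitlines():
        m = IPADDR_RE.match(line.strip())
        if m:
            name, addr, mask = m.groups()
            ifaces[name] = ipaddress.IPv4Interface(f"{addr}/{mask}")
    return ifaces


def check_statics(config):
    """Return a list of (static_line, problem, suggested_fix_or_None).

    An empty list means every static has its addresses on the right sides.
    """
    ifaces = parse_interfaces(config)
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if not m:
            continue
        real_ifc, mapped_ifc, first_ip, second_ip, mask, tail = m.groups()
        if real_ifc not in ifaces or mapped_ifc not in ifaces:
            findings.append((line, "names an interface with no ip address", None))
            continue
        real_net = ifaces[real_ifc].network
        mapped_net = ifaces[mapped_ifc].network
        first = ipaddress.IPv4Address(first_ip)
        second = ipaddress.IPv4Address(second_ip)
        if first in mapped_net and second in real_net:
            continue  # mapped_ip real_ip: the documented order
        if first in real_net and second in mapped_net:
            # Addresses are on the right subnets but in the wrong slots:
            # exactly the mistake in the thread.  Swap them, keep the tail.
            fix = (f"static ({real_ifc},{mapped_ifc}) {second_ip} {first_ip} "
                   f"netmask {mask}{tail or ''}")
            findings.append((line, "mapped and real IPs are reversed", fix))
        else:
            findings.append((line, "addresses match neither interface subnet", None))
    return findings


def fix_statics(config):
    """Return the config with reversed statics rewritten; other lines untouched."""
    fixes = {line: fix for line, _, fix in check_statics(config) if fix}
    return "\n".join(fixes.get(raw.strip(), raw) for raw in config.splitlines())


if __name__ == "__main__":
    for line, problem, fix in check_statics(SAMPLE_CONFIG):
        print(f"{problem}: {line}")
        if fix:
            print(f"  suggested: {fix}")
```

Run against a `show running-config` capture, the checker reports the poster's `static (inside,outside) LAN_IP.2 DMZ_IP.100 ...` lines as reversed and prints the `DMZ_IP.100 LAN_IP.2` form Walter gives; `fix_statics` produces a config in which a second pass finds nothing. The subnet test is deliberately strict, so a static whose mapped address is routed to the PIX rather than directly connected would show up as "matches neither interface subnet" and needs a human look rather than an automatic swap.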

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.