Hello,
with my Pix I had the following setup:
outside --- Pix --- inside
Now I added a separate LAN for external PCs. I added this Lan to interface ethernet 2. Now things look like this:
outside --- Pix --- inside | +----- guests
Guests have adresses 192.168.20.x, inside computers 10.1.y.x . Guests are able to connect to outside using NAT & PAT. But I can't get the connection between guests and inside to work. The relevant config of the Pix:
interface ethernet0 auto interface ethernet1 auto interface ethernet2 auto
nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 guests security50 access-list guest-in permit ip any any access-list guest-in permit icmp any any
ip address outside 192.168.2.253 255.255.255.248 ip address inside 10.1.1.1 255.255.0.0 ip address guests 192.168.20.254 255.255.255.0
global (outside) 1 195.37.209.97 global (outside) 2 195.37.209.98 nat (inside) 1 10.1.0.0 255.255.0.0 0 0 nat (guests) 2 192.168.20.0 255.255.255.0 0 0
static (inside,guests) 192.168.20.0 192.168.20.0 netmask 255.255.255.0 0 0
access-group guest-in in interface guests
route outside 0.0.0.0 0.0.0.0 192.168.2.254 1
The Pix is able to ping to guests, inside is not able to reach guests. What I am missing?
Regards, Christoph Gartmann