«

Hello,

Anyone have suggestions for this situation? I've got an inside network
192.168.10.1 255.255.255.0 on default vlan1 and a dmz network
192.168.1.0 255.255.255.0 on vlan 2.

My goal is to allow routing from the inside network to the dmz network.

I have a PIX 506e and Catalyst 2950. I believe I have the switch
configured correctly because I can ping addresses on the 192.168.1.0
network from the PIX. However, I cannot ping the PIX's dmz ip address
or beyond.

If I enable DEBUG ICMP TRACE on the PIX, the console does show it
receiving echo requests but no replies.

If I run SHOW ROUTE, I get this:
outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xx 1 OTHER static
outside xxx.0.0.0 255.0.0.0 xxx.xxx.xxx.xxx 1 CONNECT static
dmz 192.168.1.0 255.255.255.0 192.168.1.205 1 CONNECT static
inside 192.168.10.0 255.255.255.0 192.168.10.1 1 CONNECT static

Here is my PIX config. Any help is appreciated. Thanks.

interface ethernet0 auto
interface ethernet1 100full
interface ethernet1 vlan2 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan2 dmz security50
enable password xxx encrypted
passwd xxx encrypted
hostname xxx
domain-name prcinnovations.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.10.10 SERVER-Internal
name 80.15.200.19 SERVER-External
access-list outside_access_in permit tcp any host SERVER-External eq
www
access-list outside_access_in permit tcp any host SERVER-External eq
ftp
access-list outside_access_in permit tcp any host SERVER-External eq
ldap
access-list outside_access_in permit tcp any host SERVER-External eq
smtp
access-list outside_access_in permit tcp any host SERVER-External eq
3389
access-list outside_access_in permit tcp any host SERVER-External eq
pptp
access-list outside_access_in permit gre any host SERVER-External
access-list outside_access_in permit tcp any host SERVER-External eq
8585
access-list outside_access_in permit tcp any host SERVER-External eq
pop3
access-list inside_access_dmz permit ip any any
ip address outside 80.15.200.18 255.0.0.0
ip address inside 192.168.10.1 255.255.255.0
ip address dmz 192.168.1.205 255.255.255.0
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) SERVER-External SERVER-Internal netmask
255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 80.15.200.17 1

> My goal is to allow routing from the inside network to the dmz network

The Cisco CCO site is one of the place to look for configuration
examples

http://www.cisco.com/en/US/products/...ples_list.html

see "Configuring the PIX Firewall with Mail Server Access on DMZ
Network"
it looks to be the closest example for what you are trying to
accomplish

http://www.cisco.com/en/US/products/...8015efa9.shtml