I'm having trouble configuring my PIX 515E to allow access from the DMZ interface to a server that resides on the inside interface. Both DMZ and inside interfaces use public IP using NAT 0. Using a computer on the DMZ I can access any hosts on the outside, but not the server on the inside.
Here are the relevant (I think) portions of the configuration:
ip address outside 192.64.x.x 255.255.255.0
ip address inside 134.39.x.x 255.255.255.0
ip address dmz 168.156.x.x 255.255.255.128
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
nat (dmz) 0 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 134.39.x.x 134.39.x.x netmask 255.255.255.0
static (dmz,outside) 168.156.x.x 168.156.x.x netmask 255.255.255.128
static (inside,dmz) 168.156.x.x 168.156.x.x netmask 255.255.255.128
access-list acl_dmz permit tcp any host 134.39.x.x (internal server IP) eq 80
access-list acl_dmz deny ip any 134.39.x.x 255.255.255.0
access-list acl_dmz permit ip any any
access-group acl_dmz in interface dmz
All the examples I can find use NAT on either or both the DMZ and inside interfaces, so I'm not sure what exactly I'm doing wrong here. Any suggestions?
Here are the relevant (I think) portions of the configuration:
ip address outside 192.64.x.x 255.255.255.0
ip address inside 134.39.x.x 255.255.255.0
ip address dmz 168.156.x.x 255.255.255.128
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
nat (dmz) 0 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 134.39.x.x 134.39.x.x netmask 255.255.255.0
static (dmz,outside) 168.156.x.x 168.156.x.x netmask 255.255.255.128
static (inside,dmz) 168.156.x.x 168.156.x.x netmask 255.255.255.128
access-list acl_dmz permit tcp any host 134.39.x.x (internal server IP) eq 80
access-list acl_dmz deny ip any 134.39.x.x 255.255.255.0
access-list acl_dmz permit ip any any
access-group acl_dmz in interface dmz
All the examples I can find use NAT on either or both the DMZ and inside interfaces, so I'm not sure what exactly I'm doing wrong here. Any suggestions?