

    

Blue Forest http://www.lslnet.com at 20:08 on July 28, 2006


‘Help’ The PIX 525 outside interface IP cannot be pinged from other outside network segments!

I have a PIX 525. At present the outside interface (10.205.10.206/26) can be pinged by machines in its own network segment, and machines in that segment can also reach the servers published through static network address translation. The problem is that other outside network segments, such as 10.205.10.64/26, cannot ping the outside interface (10.205.10.206/26) and cannot reach the servers on the internal network.

The firewall configuration is as follows:

PIX Version 6.3(3)
interface ethernet0 10full
interface ethernet1 100full
interface ethernet2 100full
interface ethernet3 auto shutdown
interface ethernet4 auto shutdown
interface ethernet5 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
nameif ethernet3 intf3 security6
nameif ethernet4 intf4 security8
nameif ethernet5 dmz security50
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PIX
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol http 7001
fixup protocol http 7007
fixup protocol http 9999
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit tcp any host 10.205.10.201 eq at
access-list 101 permit tcp any host 10.205.10.202 eq at
access-list 101 permit tcp any host 10.205.10.203 eq at
access-list 101 permit tcp any host 10.205.10.204 eq at
access-list 101 permit tcp any host 10.205.10.205 eq at
access-list 101 permit tcp any host 10.205.10.202 eq 7001
access-list 101 permit tcp any host 10.205.10.202 eq 7007
access-list 101 permit tcp any host 10.205.10.202 eq 9999
access-list 101 permit icmp any any
access-list 101 permit tcp any host 10.205.10.207 eq at
access-list dmz permit icmp any any
access-list dmz permit tcp any host 134.34.62.165
access-list dmz permit tcp any host 134.34.62.167
access-list dmz permit tcp any host 134.34.62.166
access-list dmz permit tcp any host 134.34.62.168
access-list dmz permit tcp any host 134.34.62.164
access-list dmz permit tcp any any
pager lines 24
icmp permit 10.205.10.192 255.255.255.192 outside
icmp permit 10.5.0.0 255.255.224.0 inside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
mtu intf4 1500
mtu dmz 1500
ip address outside 10.205.10.206 255.255.255.192
ip address inside 10.5.0.20 255.255.224.0
no ip address intf2
no ip address intf3
no ip address intf4
ip address dmz 134.34.62.161 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
static (inside,outside) 10.205.10.201 10.5.0.9 netmask 255.255.255.255 0 0
static (inside,outside) 10.205.10.202 10.5.0.3 netmask 255.255.255.255 0 0
static (inside,outside) 10.205.10.203 10.5.0.1 netmask 255.255.255.255 0 0
static (inside,outside) 10.205.10.204 10.5.0.2 netmask 255.255.255.255 0 0
static (inside,outside) 10.205.10.205 10.5.0.4 netmask 255.255.255.255 0 0
static (inside,dmz) 134.34.62.168 10.5.0.21 netmask 255.255.255.255 0 0
static (inside,dmz) 134.34.62.165 10.5.0.22 netmask 255.255.255.255 0 0
static (inside,dmz) 134.34.62.167 10.5.31.254 netmask 255.255.255.255 0 0
static (inside,dmz) 134.34.62.166 10.5.0.23 netmask 255.255.255.255 0 0
static (inside,dmz) 134.34.62.164 10.5.0.24 netmask 255.255.255.255 0 0
static (inside,outside) 10.205.10.207 10.5.0.8 netmask 255.255.255.255 0 0
access-group 101 in interface outside
access-group dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 10.205.10.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 10.5.31.254 255.255.255.255 inside
telnet 10.5.0.21 255.255.255.255 inside
telnet 10.5.0.22 255.255.255.255 inside
telnet 10.5.0.23 255.255.255.255 inside
telnet 10.5.0.1 255.255.255.255 inside
telnet 10.5.0.2 255.255.255.255 inside
telnet 10.5.0.3 255.255.255.255 inside
telnet 134.34.62.162 255.255.255.255 dmz
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:0149794e30348e977ad31503bdd4d04b
: end

The routing table is as follows:
show route
outside 0.0.0.0 0.0.0.0 10.205.10.193 1 OTHER static
inside 10.5.0.0 255.255.224.0 10.5.0.20 1 CONNECT static
outside 10.205.10.192 255.255.255.192 10.205.10.206 1 CONNECT static
dmz 134.34.62.0 255.255.255.0 134.34.62.161 1 CONNECT static
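
Added example, not part of the original post: a small Python check that evaluates a source address against the icmp permit statements of the posted configuration. On PIX 6.3 these statements govern ICMP addressed to the firewall's own interfaces (access-list 101 only covers traffic passing through it), and once any statement exists for an interface, sources that match none are implicitly denied. The function names and the embedded excerpt, written in standard PIX 6.3 syntax, are assumptions of this example; ICMP type filters are ignored.

```python
import ipaddress

# Constructed sample: the interface-ICMP lines from the posted configuration.
CONFIG = """\
icmp permit 10.205.10.192 255.255.255.192 outside
icmp permit 10.5.0.0 255.255.224.0 inside
ip address outside 10.205.10.206 255.255.255.192
"""

def icmp_rules(config, ifname):
    """Return [(action, network)] for 'icmp permit|deny ...' lines on ifname."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0].lower() != "icmp" or tok[-1] != ifname:
            continue
        action, spec = tok[1].lower(), tok[2:-1]
        if action not in ("permit", "deny"):
            continue
        if spec[0] == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif spec[0] == "host":
            net = ipaddress.ip_network(spec[1] + "/32")
        else:  # "<ip_address> <net_mask> [icmp_type]"; the type is ignored here
            net = ipaddress.ip_network(f"{spec[0]}/{spec[1]}", strict=False)
        rules.append((action, net))
    return rules

def can_ping_interface(config, ifname, src):
    """First match wins; once a rule exists for the interface, no match means deny."""
    rules = icmp_rules(config, ifname)
    if not rules:
        return True  # no ICMP control list: ICMP to the interface is accepted
    addr = ipaddress.ip_address(src)
    for action, net in rules:
        if addr in net:
            return action == "permit"
    return False  # implicit deny after the last rule

if __name__ == "__main__":
    for src in ("10.205.10.200", "10.205.10.65"):
        verdict = "reply" if can_ping_interface(CONFIG, "outside", src) else "dropped"
        print(src, "->", verdict)
```

A host in 10.205.10.64/26 falls outside the single outside entry, so its echo requests to 10.205.10.206 are dropped by the firewall itself; this check says nothing about the TCP reachability of the translated servers.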

‘Help’ The PIX 525 outside interface IP cannot be pinged from other outside network segments!

I'm rather confused. How is the outside a 10.x intranet address?
And the one on the DMZ is an Internet address.

‘Help’ The PIX 525 outside interface IP cannot be pinged from other outside network segments!

Actually, these are all internal networks. 10.5.0.0/19 is the business network and 10.205.0.0 is the office network; the office network needs to access hosts on the business network. That is why the firewall was added.


