G'day, I'm having a little issue with my new PIX. I want to set it up with the internal addresses nat'd (1.3.0.0/255.255.0.0) and the dmz addresses not nat'd (x.x.x.0/255.255.255.224). The external interface is x.x.x.34/255.255.255.224, and the default route it x.x.x.33/255.255.255.224. From the internal and dmz I can ping the external, and the external can get at the dmz, but the internal network cannot see the dmz. At present the only access-list in there is permitting icmp through all interfaces. I have set: - nat (inside) 1 0 0 and tried various combinations of: - static (dmz,outside) x.x.x.0 x.x.x.0 netmask 255.255.255.224 I can't seem to find any examples of this sort of configuration anywhere, and am starting to wonder if it is actually possible (gee I hope so.. :) TIA Neil -- Neil Hunt Systems Engineer Solnet Pty Ltd Never trust a man, who, when left in a room with a tea cozy, doesn't try it on - Billy Connelly _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls