I have a simple network on SSG20 running 6.3.0r13.0
Trust (2 interfaces: 10.1.1.0 and 10.66.0.0)
1 Untrust (1 Public interface - public ISP)
DMZ (1 interface 10.1.2.0)
Untrust is connected to static IP from ISP.
Untrust has VIP pointing to web server in DMZ (port 81) and a server in Trust (port 80)
The VIP to Trust works fine.
From DMZ I can access Trust and Untrust services (have Any-Any policies for now)
I have src-NATed DMZ-to-Untrust Policy
I have Internet access from Trust (and DMZ also) via route configuration. See attached cfg.
For the life of me, I cannot figure out why traffic is not getting forwarded from Internet to DMZ server! when I do a debug trace, I see traffic being forwarded to DMZ server (10.1.2.4), but nothing comes back. How can that be when the server 10.1.2.4 has all access to the outside?