I have a cisco router with two eth interfaces one is 192.168.67.254 and the other is 10.0.1.1 now my problem is this. I am able to get to my DMZ at 172.16.1.x when I am on the 192.168.67.0 segment but not when I am on the 10.0.1 segment. I have added this line into my PIX box. access-list no-nat permit ip 10.0.0.0 255.255.0.0. Now when i do a port scan I can see two devices but I am unable to see my webmail ip of 172.16.1.10.