09-05-2007 01:57 PM - edited 03-11-2019 04:07 AM
I have a strange situation on a client's PIX firewall. We are connected to a partner (via our outside interface) and the partner now wishes to use the internet via our network for just a number of devices in a shared DMZ (i.e. the internet is now residing on the inside network). This means it is hard to declare a static that will allow inbound access to, in effect, 'any'.
Does anyone know if this is possible and, if so, what the static command will look like? Is it possible to do a 0.0.0.0 type thing?
Thanks
09-11-2007 01:34 PM
I don't think that it is a good idea to have inbound access to any network. It will be very tough to implement this (as per your scenario) and it can have a big security impact.
09-11-2007 11:40 PM
Hi Paul
You could use a NAT exemption, which is bi-directional, although it would need testing against any other translations you have on the firewall, i.e.
access-list 101 permit ip any any
nat (inside) 0 access-list 101
By the way, are you the Paul Thomsett that did work for Network Rail? If so, how are you? Hope everything is going well.
Jon
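
An audit check for the pattern in the reply above, added here as an example and not part of any post in the thread: it parses a PIX-style configuration and reports NAT exemption statements (`nat (...) 0 access-list`) whose ACL permits `ip any any`, so the exemption covers all traffic on that interface. The sample configuration is constructed; the ACL name `vpn_nonat` and its addresses are assumptions.

```python
import re

# Constructed sample: the two lines from the reply plus a narrower exemption for comparison.
SAMPLE_CONFIG = """\
access-list 101 permit ip any any
access-list vpn_nonat permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list 101
nat (dmz) 0 access-list vpn_nonat
nat (inside) 1 0.0.0.0 0.0.0.0
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+(.+)$")
NAT0_RE = re.compile(r"^nat\s+\(([^)]+)\)\s+0\s+access-list\s+(\S+)")


def take_address(tokens):
    """Consume one address spec; return (matches_everything, remaining_tokens)."""
    if not tokens:
        return False, []
    if tokens[0] == "any":
        return True, tokens[1:]
    if tokens[0] == "host":
        return False, tokens[2:]
    # Otherwise the spec is "<address> <mask>"; 0.0.0.0 0.0.0.0 is equivalent to any.
    return tokens[:2] == ["0.0.0.0", "0.0.0.0"], tokens[2:]


def find_broad_exemptions(config):
    """Return (interface, acl_name) for each NAT exemption whose ACL permits ip any any."""
    lines = [line.strip() for line in config.splitlines()]
    acls = {}
    for line in lines:
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2).split())
    findings = []
    for line in lines:
        m = NAT0_RE.match(line)
        if not m:
            continue
        iface, acl = m.groups()
        for tokens in acls.get(acl, []):
            src_any, rest = take_address(tokens)
            dst_any, _ = take_address(rest)
            if src_any and dst_any:
                findings.append((iface, acl))
                break
    return findings
```
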