Static for inbound connection to any network

pthomsett
Level 1

I have a strange situation on a client's PIX firewall. We are connected to a partner (via our outside interface) and the partner now wishes to use the internet via our network for just a number of devices in a shared DMZ (i.e. the internet is now residing on the inside network). This means it is hard to declare a static that will allow inbound access to, in effect, 'any'.

Does anyone know if this is possible, and if so, what the static command will look like? Is it possible to do a 0.0.0.0 type thing?

Thanks

2 Replies

didyap
Level 6

I don't think that it is a good idea to have an inbound access to any network. It will be very tough to implement this (as per your scenario) and it can have a big security impact.

Jon Marshall
Hall of Fame

Hi Paul

You could use a NAT exemption, which is bi-directional, although it would need testing against any other translations you have on the firewall, i.e.

access-list 101 permit ip any any

nat (inside) 0 access-list 101

By the way, are you the Paul Thomsett that did work for Network Rail? If so, how are you? Hope everything is going well.

Jon
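
A check for the any-to-any NAT exemption shown in the reply above, as an added example that is not part of the original thread: it scans a PIX-style configuration for `nat (interface) 0 access-list` statements whose ACL contains an entry permitting IP from any source to any destination. The sample configuration, its documentation-range addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the thread's firewall):
# the exemption from the reply plus narrower entries for comparison.
SAMPLE_CONFIG = """\
access-list 101 permit ip any any
access-list 102 permit ip any 192.0.2.0 255.255.255.240
access-list 103 permit ip host 198.51.100.5 any
nat (inside) 0 access-list 101
nat (dmz) 0 access-list 102
nat (inside) 1 0.0.0.0 0.0.0.0
"""

NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?permit ip (.+)$")


def take_addr(tokens):
    """Consume one address spec; return (matches_any, remaining_tokens)."""
    if tokens[:1] == ["any"]:
        return True, tokens[1:]
    if tokens[:1] == ["host"]:
        return False, tokens[2:]
    # "<network> <mask>" form: 0.0.0.0 0.0.0.0 is equivalent to "any"
    return tokens[:2] == ["0.0.0.0", "0.0.0.0"], tokens[2:]


def audit_nat_exemptions(config_text):
    """Return (interface, acl, entry) for each any-to-any NAT exemption."""
    lines = [line.strip() for line in config_text.splitlines()]
    # ACL name -> interfaces whose "nat (if) 0 access-list" references it
    exempt = {}
    for line in lines:
        m = NAT0_RE.match(line)
        if m:
            exempt.setdefault(m.group(2), []).append(m.group(1))
    findings = []
    for line in lines:
        m = ACE_RE.match(line)
        if not m or m.group(1) not in exempt:
            continue  # not a permit-ip entry, or ACL not used for exemption
        src_any, rest = take_addr(m.group(2).split())
        dst_any, _ = take_addr(rest)
        if src_any and dst_any:
            findings.extend((iface, m.group(1), line) for iface in exempt[m.group(1)])
    return findings


if __name__ == "__main__":
    for iface, acl, entry in audit_nat_exemptions(SAMPLE_CONFIG):
        print(f"{iface}: ACL {acl} exempts all traffic from NAT: {entry}")
```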
