Static for inbound connection to any network

Unanswered Question
Sep 5th, 2007
User Badges:

I have a strange situation on a clients PIX firewall. We are connected to a partner (via our outside interface) and the partner now wishes to use the internet via our network for just a number of devices in a shared DMZ (i.e. the internet is now residing on the inside network. This means it is hard to declare a static that will allow inbound access to in effect 'any'.

Does anyone know if this is possible, and if so what the static command will look like, is it possible to do a type thing..?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Tue, 09/11/2007 - 13:34
User Badges:
  • Silver, 250 points or more

I don't think that it is a good idea to have an inbound access to any network. It will be very tough to implement this (as per your scenario) and it can have a big security impact.

Jon Marshall Tue, 09/11/2007 - 23:40
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Paul

You could use a nat exemption which is bi-directional although it would need testing against any other translations you have on the firewall ie.

access-list 101 permit ip any any

nat (inside) 0 access-list 101

By the way are you the Paul Thomsett that did work for Network Rail. If so, how are you ?. Hope everything is going well.



This Discussion