Is it possible for LAN users to go online without configuring an access list?

arulkumar80
Level 1

Hi

I am using a PIX firewall. The firewall's outside interface is connected to the ISP; the inside interface is connected to a switch, and users are connected to the switch.

Without configuring an access list to allow incoming traffic, is it possible for users to go online?

Please help.

Regards

Arulkumar


Jon Marshall
Hall of Fame

Arulkumar

Yes it is, because the PIX is a stateful firewall and it allows traffic from the inside to the outside without an access-list, so the return traffic will be allowed back in.


What you will need to configure, though, is some form of NAT/PAT. Usually for internet access -

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

Jon

Mohamed Sobair
Level 7

Hi,

As long as global (outside) and nat (inside) are configured (the inside and outside keywords refer to the interfaces' names), you don't need any access-list, as traffic from a higher security level to a lower security level is allowed to pass.

From a lower security level to a higher security level, an access-list or conduit must be used to permit the traffic.

HTH

Mohamed
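
A simplified model of the behaviour both replies describe, added here as an example; it is not part of the original thread and not Cisco's implementation. The class, addresses and port numbers are constructed for illustration, and the interface security levels (inside 100, outside 0) are assumed.

```python
from dataclasses import dataclass, field

# Assumed interface security levels; all addresses and ports are constructed.
LEVEL = {"inside": 100, "outside": 0}
OUTSIDE_IP = "203.0.113.2"  # address that PAT hides inside hosts behind


def implicitly_permitted(src_if, dst_if):
    """Higher -> lower security level passes without an access-list."""
    return LEVEL[src_if] > LEVEL[dst_if]


@dataclass
class Firewall:
    pat_enabled: bool = True                       # models nat (inside) 1 ... + global (outside) 1 interface
    inbound_acl: set = field(default_factory=set)  # (proto, dst_port) pairs permitted on outside
    conns: dict = field(default_factory=dict)      # state table keyed by the expected reply flow
    next_port: int = 1024

    def outbound(self, proto, src, sport, dst, dport):
        """inside -> outside: no ACL consulted, but a translation is required."""
        if not (implicitly_permitted("inside", "outside") and self.pat_enabled):
            return None  # no NAT/PAT rule: the packet is dropped
        mapped = self.next_port
        self.next_port += 1
        # Record exactly which peer may answer, and to which mapped port.
        self.conns[(proto, mapped, dst, dport)] = (src, sport)
        return (OUTSIDE_IP, mapped)

    def inbound(self, proto, src, sport, dport):
        """outside -> inside: permitted only as a reply or by an explicit ACL."""
        key = (proto, dport, src, sport)
        if key in self.conns:
            return ("reply", self.conns[key])  # return traffic of a known flow
        if (proto, dport) in self.inbound_acl:
            # A real PIX also needs a static translation to reach an inside host.
            return ("acl", None)
        return ("deny", None)


if __name__ == "__main__":
    fw = Firewall()
    print(fw.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 80))
    print(fw.inbound("tcp", "198.51.100.7", 80, 1024))   # reply to the flow above
    print(fw.inbound("tcp", "198.51.100.99", 80, 1024))  # different peer, same port
    print(fw.inbound("tcp", "198.51.100.7", 4444, 25))   # unsolicited, no ACL
```

The third call shows that the state entry only admits the peer the inside host actually contacted; another outside host sending to the same mapped port is denied.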
