Cisco Support Community
Is it possible for LAN users to go online without configuring an access list

Hi

I am using a PIX firewall. The firewall's outside interface is connected to the ISP; the inside interface is connected to a switch, and users are connected to the switch.

Without configuring an access list to allow incoming traffic, is it possible for users to go online?

Please help.

Regards

Arulkumar

2 REPLIES
Re: Is it possible for LAN users to go online without configurin

arulkumar80 wrote:

Hi

I am using a PIX firewall. The firewall's outside interface is connected to the ISP; the inside interface is connected to a switch, and users are connected to the switch.

Without configuring an access list to allow incoming traffic, is it possible for users to go online?

Please help.

Regards

Arulkumar

Arulkumar

Yes it is, because the PIX is a stateful firewall and it allows traffic from the inside to the outside without an access-list, so the return traffic will be allowed back in.


What you will need to configure though is some form of NAT/PAT. Usually for internet access -

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

Jon

Re: Is it possible for LAN users to go online without configurin

Hi,

As long as global (outside) and nat (inside) are configured (the inside and outside keywords refer to the interfaces' names), you don't need any access-list, as traffic from a higher security level to a lower security level is allowed to pass.

From a lower security level to a higher security level, an access-list or conduit must be used to permit the traffic.

HTH

Mohamed
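
The behaviour both replies describe, as an added example that is not part of the thread or any poster's code: a simplified Python model of the pass/deny decision, covering the security-level default, PAT on the outside interface, and stateful return traffic. The class and function names, the security levels 100/0 and the documentation-range addresses are assumptions made for the illustration.

```python
# Simplified model (added example) of the decisions described in the replies above.
from dataclasses import dataclass, field

SECURITY_LEVEL = {"inside": 100, "outside": 0}  # assumed levels for the two interfaces


def allowed_by_default(src_if, dst_if):
    """Higher -> lower security level passes without an access-list."""
    return SECURITY_LEVEL[src_if] > SECURITY_LEVEL[dst_if]


@dataclass
class PixModel:
    outside_ip: str
    # Stands for: nat (inside) 1 0.0.0.0 0.0.0.0 + global (outside) 1 interface
    pat_enabled: bool = True
    # Inbound permits as (proto, dst_ip, dst_port). A real PIX also needs a
    # translation for the destination host; that part is not modelled here.
    inbound_acl: set = field(default_factory=set)
    # State table: (proto, remote_ip, remote_port, mapped_port) -> inside host
    conns: dict = field(default_factory=dict)
    next_port: int = 1024

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside -> outside packet: needs no ACL, but does need a translation."""
        if not allowed_by_default("inside", "outside") or not self.pat_enabled:
            return None  # dropped
        mapped = self.next_port
        self.next_port += 1
        self.conns[(proto, dst_ip, dst_port, mapped)] = (src_ip, src_port)
        return (self.outside_ip, mapped)  # source address/port seen by the ISP

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Outside -> inside packet: passes only as return traffic or by ACL."""
        key = (proto, src_ip, src_port, dst_port)
        if dst_ip == self.outside_ip and key in self.conns:
            return ("return-traffic", self.conns[key])
        if (proto, dst_ip, dst_port) in self.inbound_acl:
            return ("acl-permit", (dst_ip, dst_port))
        return ("deny", None)


if __name__ == "__main__":
    fw = PixModel("203.0.113.1")  # constructed sample addresses
    print(fw.outbound("tcp", "192.168.1.10", 40000, "198.51.100.5", 80))
    print(fw.inbound("tcp", "198.51.100.5", 80, "203.0.113.1", 1024))
    print(fw.inbound("tcp", "198.51.100.9", 4444, "203.0.113.1", 1024))
```

The third call is denied because it matches no existing connection and no inbound permit, which is why users can browse out while unsolicited traffic from the ISP side stays blocked.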
