Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Static for inbound connection to any network

I have a strange situation on a clients PIX firewall. We are connected to a partner (via our outside interface) and the partner now wishes to use the internet via our network for just a number of devices in a shared DMZ (i.e. the internet is now residing on the inside network. This means it is hard to declare a static that will allow inbound access to in effect 'any'.

Does anyone know if this is possible, and if so what the static command will look like, is it possible to do a type thing..?



Re: Static for inbound connection to any network

I don't think that it is a good idea to have an inbound access to any network. It will be very tough to implement this (as per your scenario) and it can have a big security impact.

Hall of Fame Super Blue

Re: Static for inbound connection to any network

Hi Paul

You could use a nat exemption which is bi-directional although it would need testing against any other translations you have on the firewall ie.

access-list 101 permit ip any any

nat (inside) 0 access-list 101

By the way are you the Paul Thomsett that did work for Network Rail. If so, how are you ?. Hope everything is going well.