Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

firewalls

Hi all, when configuring a firewall say pix 501, is all traffic allowed outbound by default, so if I use PAT to get to the internet for 192.168.1.0 range, will all hosts be allowed out by default?

3 REPLIES

Re: firewalls

Hi Carl

By default outbound traffic will be permitted and you can access the net using NAT/PAT feature..

if you want to have some kinda inbound access then you need to create proper access lists to allow the remote ip's to access your local resources...

Also do remember you need to have one to one NAT configured for inbound access...

regds

New Member

Re: firewalls

thankyou, i gather this is same for dmz, inside can connect to dmz but not other way around unless access list is in place to allow it ?

Re: firewalls

Hi Carl

To put it on a simple note anything from High Security Zone to Low Security Zone ( Inside to Outside/DMZ) is permitted with necessary NAT statements.

You need to have Access-lists to permit traffic Low Security Zone to High Security Zone (Outside to DMZ or DMZ to Inside or Outside to Inside)..

regds

107
Views
0
Helpful
3
Replies
CreatePlease login to create content