
Allowing GE Invision nuclear medicine application.

williamsp
Level 1

GE has a new version of its INVISION radiology imaging system. The app runs on Linux and I cannot get it through our PIX 525 with 6.0.4 code. Has anyone out there successfully passed this traffic? The common ports for the TCP connections are 2000, 2010, 2020, and 2220.

Thanks,

Patrick

4 Replies

steve.barlow
Level 7

Quick questions:

Are the packets unicast?

Is the server on the dmz or internal, where are the clients also?

Can you post the relevant configs (e.g. statics, ACLs, NATs, globals, etc.)?

Steve

williamsp

The server is located inside. The client or partner server is on the outside. The inside machine, 110, uses a static NAT to retain its public address. The outside machine, 109, also uses a public address that has a conduit to allow all IP traffic inside. The standard fixup is implemented. The packets are unicast. I hesitate to post the config for security reasons.

steve.barlow

If the inside server initiates the connections, you only need a nat to allow the access.

If the partner server initiates the connections, you need a static, nat, and access-list.

e.g. nat (inside) 0 access-list no-nat, or nat (inside) 0 x.x.x.x 255.255.255.255

static (inside,outside) x.x.x.x x.x.x.x netmask 255.255.255.255

access-list no-nat permit ip host x.x.x.x any (or host y.y.y.y, where y.y.y.y is your partner server)

access-list 101 permit tcp host y.y.y.y host x.x.x.x eq 2000
access-list 101 permit tcp host y.y.y.y host x.x.x.x eq 2010
access-list 101 permit tcp host y.y.y.y host x.x.x.x eq 2020
access-list 101 permit tcp host y.y.y.y host x.x.x.x eq 2220

access-group 101 in interface outside

Steve
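The partner-initiated case Steve outlines, written out as one complete PIX 6.x fragment. This is an added example, not configuration from either poster: the addresses are hypothetical RFC 5737 documentation addresses standing in for the .110 inside server and the .109 partner, and the ports are the four from the question. It also carries one check the thread does not raise: PIX 6.x ships with the Skinny (SCCP) fixup enabled on TCP 2000, the same port the GE application uses, so an inspection engine is applied to that stream unless the fixup is removed.

```cisco
! Added example (not Steve's or Patrick's config). PIX 6.x syntax.
! Hypothetical addresses (RFC 5737 documentation ranges):
!   192.0.2.110     inside GE Invision server, keeps its public address
!   198.51.100.109  outside partner server
!
! 1. Translation: an identity static so the inside server is reachable
!    from the outside under its own address. A dynamic nat/global pair
!    alone only covers connections the inside server starts.
static (inside,outside) 192.0.2.110 192.0.2.110 netmask 255.255.255.255 0 0
!
! 2. Inbound policy: only the partner, only the application ports from
!    the question. PIX 6.x takes one port per ACE.
access-list 101 permit tcp host 198.51.100.109 host 192.0.2.110 eq 2000
access-list 101 permit tcp host 198.51.100.109 host 192.0.2.110 eq 2010
access-list 101 permit tcp host 198.51.100.109 host 192.0.2.110 eq 2020
access-list 101 permit tcp host 198.51.100.109 host 192.0.2.110 eq 2220
access-group 101 in interface outside
!
! 3. Caveat: the default "fixup protocol skinny 2000" inspects TCP 2000.
!    If the GE traffic on 2000 is not SCCP, take the fixup off that port.
!    "show fixup" lists what is currently enabled.
no fixup protocol skinny 2000
!
! 4. After changing the static, rebuild translations, then test from the
!    partner and inspect state:
!    clear xlate
!    show xlate        -> identity translation for 192.0.2.110
!    show conn         -> the TCP connections between the two hosts
!    show access-list  -> hit counts on the four ACEs
```

A handshake that completes while the application still fails (the symptom in this thread) is worth checking against step 3 before anything else, since a fixup acts after the connection is built, which is exactly where a sniffer trace of SYN/SYN-ACK/ACK stops being informative.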

williamsp

We have one-way communication from the inside out. The outside-in communication is broken, and I have no restrictions on traffic from the network the outside server 109 resides on. Sniffer traces of the communication show successful SYN, ACK, and SYN/ACKs taking place, but the application will not work unless they are outside the firewall. A packet debug of the PIX for the source and destination turned up nothing except that the interfaces saw the packets, or at least some of the packets. We have hundreds of machines, including two mainframes and NetBEUI traffic, accessing resources from these same subnets in both directions.