Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Help with basic config

What I need to do is verify IP connectivity tro' PIX. So I want to pass thro' all the traffic IN and OUT of PIX. Can I accomplish this with following config?

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

access-list from_inside permit any any

access-list from_outside permit any any

I am using external INT IP for PATTING towards the Internet. Do I need static map for the web server?

2 REPLIES
New Member

Re: Help with basic config

that should allow traffic to flow for testing but you should not allow traffic from outside in arbitrarily. Also if you are generating traffic from the outside inbound to test you will need a static NAT for whatever inside resources you are trying to access from the outside.

Re: Help with basic config

Hi .. with that configuration you will have Outbound access from teh inside only. The Inbound traffic even thought you are allowing it on the access list it requires a static NAT translation to make any device behind you PIX reachable from the Internet .. i.e lets say you have a web server behind your PIX with Ip 192.168.10.1 then you need to configure a Static NAT using a public Ip address so that users from the Internet can reach your web server ..i.e

static (inside,outside) 203.203.203.203 192.168.10.1 netmask 255.255.255.255

access-list from_outside extended permit tcp any host 203.203.203.203 eq www

I hope it helps .. please rate it if it does !!!

120
Views
0
Helpful
2
Replies
CreatePlease login to create content