Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Help with basic config

What I need to do is verify IP connectivity tro' PIX. So I want to pass thro' all the traffic IN and OUT of PIX. Can I accomplish this with following config?

global (outside) 1 interface

nat (inside) 1 0 0

access-list from_inside permit any any

access-list from_outside permit any any

I am using external INT IP for PATTING towards the Internet. Do I need static map for the web server?

New Member

Re: Help with basic config

that should allow traffic to flow for testing but you should not allow traffic from outside in arbitrarily. Also if you are generating traffic from the outside inbound to test you will need a static NAT for whatever inside resources you are trying to access from the outside.

Re: Help with basic config

Hi .. with that configuration you will have Outbound access from teh inside only. The Inbound traffic even thought you are allowing it on the access list it requires a static NAT translation to make any device behind you PIX reachable from the Internet .. i.e lets say you have a web server behind your PIX with Ip then you need to configure a Static NAT using a public Ip address so that users from the Internet can reach your web server ..i.e

static (inside,outside) netmask

access-list from_outside extended permit tcp any host eq www

I hope it helps .. please rate it if it does !!!

CreatePlease login to create content