Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Static xlate issue from lower to higher security level

The issue I have is that I have a multi interface pix, seperating several business areas. One of these is a sec50 level, which can't be changed. 3 hosts on this segment require internet access which will traverse via the inside sec100 interface. How do I get around the static command as I essentially need a static to allow this interface to xlate to any IP?

As mentioned I can't change the security level to get around this issue...it's probably an easy one but I can't think of the best way. Any help appreciated.

1 REPLY
Silver

Re: Static xlate issue from lower to higher security level

You will need "static" and "access-list" commands to allow traffic to flow from a lower security interface (50) to a higher security interface (100). But the problem here is that the static will have a fixed local address from the "inside" network's range.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694

You may have to do another translation (using nat and global commands) to these addresses when the traffic exits your network to the Internet.

108
Views
0
Helpful
1
Replies