This is a discussion on Re: [fw-wiz] static nat for inside returning traffic - Firewalls ; Yes if you want access to an inside host from traffic initiated from the outside then you must have either a static nat, static pat, or nat exemption. Regular nat or pat will only allow traffic from a higher security ...
Yes if you want access to an inside host from traffic initiated from
the outside then you must have either a static nat, static pat, or nat
exemption. Regular nat or pat will only allow traffic from a higher
security interface to a lower security interface, but not initiated
from the outside (lower security) to the inside (higher security).
On Nov 13, 2007 6:45 PM, Shahin Ansari
> I come across an issue which I can not explain and need your help please.
> I was trying to provide access to an inside host from outside. I put in a
> 1:1 static nat for the outside host, made sure there is a route for both
> hosts, and updated the outside interface access-list. But there was no
> connection. I also did not see any message in the logs. Just fyi, this was
> pix platform running 6.3(x). What seems to have fixed the issue was an
> static for the inside host. Which I did not think I need since there is a
> default nat statement on my inside interface translating everything to an
> global address. Any thoughts?
> Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it
> firewall-wizards mailing list
firewall-wizards mailing list