Yes if you want access to an inside host from traffic initiated from
the outside then you must have either a static nat, static pat, or nat
exemption. Regular nat or pat will only allow traffic from a higher
security interface to a lower security interface, but not initiated
from the outside (lower security) to the inside (higher security).

On Nov 13, 2007 6:45 PM, Shahin Ansari wrote:
> Greetings-
> I come across an issue which I can not explain and need your help please.
> I was trying to provide access to an inside host from outside. I put in a
> 1:1 static nat for the outside host, made sure there is a route for both
> hosts, and updated the outside interface access-list. But there was no
> connection. I also did not see any message in the logs. Just fyi, this was
> pix platform running 6.3(x). What seems to have fixed the issue was an
> static for the inside host. Which I did not think I need since there is a
> default nat statement on my inside interface translating everything to an
> global address. Any thoughts?
> Sean
> ________________________________
> Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it
> now.
> _______________________________________________
> firewall-wizards mailing list

firewall-wizards mailing list