Re: static nat for inside returning traffic

["kevin horvath" <kevin.horvath () gmail com>]

Yes if you want access to an inside host from traffic initiated from
the outside then you must have either a static nat, static pat, or nat
exemption.  Regular nat or pat will only allow traffic from a higher
security interface to a lower security interface, but not initiated
from the outside (lower security) to the inside (higher security).

On Nov 13, 2007 6:45 PM, Shahin Ansari <zohal52 () yahoo com> wrote:
> Greetings-
>    I come across an issue which I can not explain and need your help please.
> I was trying to provide access to an inside host from outside.  I put in a
> 1:1 static nat for the outside host, made sure there is a route for both
> hosts, and updated the outside interface access-list.  But there was no
> connection.  I also did not see any message in the logs.  Just fyi, this was
> pix platform running 6.3(x).  What seems to have fixed the issue was an
> static for the inside host.  Which I did not think I need since there is a
> default nat statement on my inside interface translating everything to an
> global address.  Any thoughts?
> Sean
>
>
>  ________________________________
> Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it
> now.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards