Firewall Wizards mailing list archives
Re: static nat for inside returning traffic
From: "kevin horvath" <kevin.horvath () gmail com>
Date: Wed, 14 Nov 2007 20:28:51 -0500
Yes if you want access to an inside host from traffic initiated from the outside then you must have either a static nat, static pat, or nat exemption. Regular nat or pat will only allow traffic from a higher security interface to a lower security interface, but not initiated from the outside (lower security) to the inside (higher security). On Nov 13, 2007 6:45 PM, Shahin Ansari <zohal52 () yahoo com> wrote:
Greetings- I come across an issue which I can not explain and need your help please. I was trying to provide access to an inside host from outside. I put in a 1:1 static nat for the outside host, made sure there is a route for both hosts, and updated the outside interface access-list. But there was no connection. I also did not see any message in the logs. Just fyi, this was pix platform running 6.3(x). What seems to have fixed the issue was an static for the inside host. Which I did not think I need since there is a default nat statement on my inside interface translating everything to an global address. Any thoughts? Sean ________________________________ Be a better sports nut! Let your teams follow you with Yahoo Mobile. Try it now. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- static nat for inside returning traffic Shahin Ansari (Nov 14)
- Re: static nat for inside returning traffic kevin horvath (Nov 17)
- Re: static nat for inside returning traffic Robert Fenech (Nov 17)
- Re: static nat for inside returning traffic Chris Myers (Nov 21)