[c-nsp] problem creating a static on Pix
Scott Granados
gsgranados at comcast.net
Thu Jul 30 18:59:54 EDT 2009
Mike, thank you this points me in the right direction.
Thanks!!!
Scott
----- Original Message -----
From: "Michael K. Smith - Adhost" <mksmith at adhost.com>
To: "Scott Granados" <gsgranados at comcast.net>; <cisco-nsp at puck.nether.net>
Sent: Thursday, July 30, 2009 3:51 PM
Subject: RE: [c-nsp] problem creating a static on Pix
Hello Scott:
> -----Original Message-----
> From: Scott Granados [mailto:gsgranados at comcast.net]
> Sent: Thursday, July 30, 2009 3:50 PM
> To: Michael K. Smith - Adhost; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] problem creating a static on Pix
>
> Cool, this really helps.
>
> I also have an acl applied to the inside interface. Would I have to
> add the
> inside IP to that ACL as well, is this a bidirectional arrangement?
>
The inside ACL is just for traffic originating from the 10. Network.
Anything coming inbound will be allowed back out according to its
presence in the state table. However, if you want to originate a
connection from the inside on port 80 or 443, as an example, those would
have to be added as such:
Access-list acl-inside permit tcp host 10.x.x.77 any eq 80
Regards,
Mike
More information about the cisco-nsp
mailing list