[c-nsp] problem creating a static on Pix

Scott Granados gsgranados at comcast.net
Thu Jul 30 18:59:54 EDT 2009


Mike, thank you this points me in the right direction.

Thanks!!!

Scott

----- Original Message ----- 
From: "Michael K. Smith - Adhost" <mksmith at adhost.com>
To: "Scott Granados" <gsgranados at comcast.net>; <cisco-nsp at puck.nether.net>
Sent: Thursday, July 30, 2009 3:51 PM
Subject: RE: [c-nsp] problem creating a static on Pix


Hello Scott:

> -----Original Message-----
> From: Scott Granados [mailto:gsgranados at comcast.net]
> Sent: Thursday, July 30, 2009 3:50 PM
> To: Michael K. Smith - Adhost; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] problem creating a static on Pix
> 
> Cool, this really helps.
> 
> I also have an acl applied to the inside interface.  Would I have to
> add the
> inside IP to that ACL as well, is this a bidirectional arrangement?
> 

The inside ACL is just for traffic originating from the 10. Network.
Anything coming inbound will be allowed back out according to its
presence in the state table.  However, if you want to originate a
connection from the inside on port 80 or 443, as an example, those would
have to be added as such:

Access-list acl-inside permit tcp host 10.x.x.77 any eq 80

Regards,

Mike


More information about the cisco-nsp mailing list