[c-nsp] problem creating a static on Pix
Michael K. Smith - Adhost
mksmith at adhost.com
Thu Jul 30 18:51:57 EDT 2009
Hello Scott:
> -----Original Message-----
> From: Scott Granados [mailto:gsgranados at comcast.net]
> Sent: Thursday, July 30, 2009 3:50 PM
> To: Michael K. Smith - Adhost; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] problem creating a static on Pix
>
> Cool, this really helps.
>
> I also have an acl applied to the inside interface. Would I have to
> add the
> inside IP to that ACL as well, is this a bidirectional arrangement?
>
The inside ACL is just for traffic originating from the 10. Network.
Anything coming inbound will be allowed back out according to its
presence in the state table. However, if you want to originate a
connection from the inside on port 80 or 443, as an example, those would
have to be added as such:
Access-list acl-inside permit tcp host 10.x.x.77 any eq 80
Regards,
Mike
More information about the cisco-nsp
mailing list