Hello William:

> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of William
> Sent: Monday, January 12, 2009 7:13 AM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] PIX 6x translation issue
>
> Hi there chaps,
>
> I have a PIX running 6x software with 3 interfaces:
>
> outside - sec0 (public IP address)
> inside - sec100 (10.1.1.253/24)
> office - sec90 (10.75.4.253/24)
>
>
> At the moment I have it configured so hosts on the inside interface
> can access the internet (natted to interface ip on outside) and access
> various networks over VPN (no nat). Hosts on the office network can
> also access the internet (natted the same as inside).
>
> What I'm trying to figure out is how I can get hosts on the office
> network to access hosts on the inside network without their addresses
> being translated. I've built an access-list and applied it to the
> office interface which is straight forward and I've added the
> following static:
>

access-list office-to-inside permit ip 10.75.4.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list inside-to-office permit ip 10.1.1.0 255.255.255.0 10.75.4.0 255.255.255.0
access-group inside-to-office in interface inside
access-group office-to-inside in interface office
nat (office) 0 access-list office-to-inside

You can tighten that down to a single host as you had in your example as well.

Regards,

Mike
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
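
Added example, not part of the original thread: a small Python model of the "nat (office) 0 access-list" exemption in the reply above, showing which flows bypass translation and how much the scope shrinks when the ACL is tightened to a single host pair. The host addresses 10.75.4.10 and 10.1.1.20 are constructed for illustration, and the parser only handles the "permit/deny ip" forms used here.

```python
import ipaddress

# Configuration lines exactly as posted in the reply above.
POSTED = """\
access-list office-to-inside permit ip 10.75.4.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list inside-to-office permit ip 10.1.1.0 255.255.255.0 10.75.4.0 255.255.255.0
access-group inside-to-office in interface inside
access-group office-to-inside in interface office
nat (office) 0 access-list office-to-inside
"""
# Tightened variant: one office host to one inside host (constructed addresses).
TIGHT = POSTED.replace(
    "10.75.4.0 255.255.255.0 10.1.1.0 255.255.255.0",
    "host 10.75.4.10 host 10.1.1.20")

def take_net(tok):
    """Consume one address spec ('host A', 'any' or 'A MASK') from a token list."""
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse(config):
    """Return ({acl_name: [(action, src_net, dst_net)]}, {interface: nat0_acl_name})."""
    acls, nat0 = {}, {}
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 6 and t[0] == "access-list" and t[3] == "ip":
            src, rest = take_net(t[4:])
            dst, _ = take_net(rest)
            acls.setdefault(t[1], []).append((t[2], src, dst))
        elif len(t) == 5 and t[0] == "nat" and t[2:4] == ["0", "access-list"]:
            nat0[t[1].strip("()")] = t[4]
    return acls, nat0

def nat_exempt(config, iface, src, dst):
    """True if src->dst arriving on iface hits a permit in its nat 0 ACL (first match wins)."""
    acls, nat0 = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, sn, dn in acls.get(nat0.get(iface), []):
        if s in sn and d in dn:
            return action == "permit"
    return False  # no match: the flow falls through to the normal nat/global rules

def exempt_pairs(config, iface):
    """Count the source/destination address pairs that bypass translation on iface."""
    acls, nat0 = parse(config)
    return sum(sn.num_addresses * dn.num_addresses
               for a, sn, dn in acls.get(nat0.get(iface), []) if a == "permit")
```

With the posted ACL every office address is exempt toward every inside address (65536 pairs); the tightened ACL exempts exactly one pair, and all other office traffic is translated as before.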