Maybe you can use, for example:

internal network: 192.168.1.x /24
external network: 200.100.100.X /24

You can use this static command:

static 192.168.1.0 192.168.1.0 netmask 255.255.255.0 0 0
access-list OUT permit ip any any
access-list IN permit ip X.X.X.X any
access-group OUT in interface inside
access-group IN in interface outside

Then the PIX will perform as a router; you can control the outside and inside access-lists instead of using CONDUIT to open/map the ports for those internal servers. This method is taught by a CCIE of Cisco TAC. Hope this tricky method can help you!

"Philip Sousa" wrote:
> I've been on Cisco's site for hours, but cannot find a conclusive answer to
> my question. When you disable NAT (NAT 0) to allow the use of public IPs
> behind the PIX, are the internal nodes allowed to start outbound connections
> by default?? I need to selectively allow nodes behind the firewall to start
> outbound connections on certain ports... how should I accomplish this?
> Access-lists?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=31371&t=31353
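The selective outbound control asked about in the question, as an added example that is not part of the original posts: the reply's `permit ip any any` on the inside interface is replaced with per-host, per-port entries. The host addresses and ports are constructed for illustration inside the reply's 192.168.1.0/24 example network, and the syntax assumes PIX 6.x-style access-list and access-group commands.

```cisco
: Added example; host addresses and ports are constructed, not from the thread.
: Lines starting with a colon are annotations.

: Web browsing from one workstation only.
access-list OUT permit tcp host 192.168.1.10 any eq 80
access-list OUT permit tcp host 192.168.1.10 any eq 443

: DNS lookups from the internal resolver only.
access-list OUT permit udp host 192.168.1.20 any eq 53

: Outbound SMTP from the mail server only.
access-list OUT permit tcp host 192.168.1.25 any eq 25

: Explicit final deny. An access-list already ends in an implicit deny,
: but an explicit entry gets its own hit counter in "show access-list".
access-list OUT deny ip any any

: Bind the list to traffic entering the inside interface. Once bound,
: only the flows permitted above may start outbound connections.
access-group OUT in interface inside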