Hi, If I understand correctly, this cas has nothing to do with NAT. All you need to do is to create a static command. If you don't need to change address, use the same address for both inside and outside host. Here is the example :
static (inside,outside) 10.10.10.2 10.10.10.2 netmask 255.255.255.255 0 0 This is required to allow traffic from a low security interface to a high security interface. In addition to static command, an access list is also required. This is working in a couple of my production environments. Best Regards, Ufuk Yasibeyli [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of B|lent ^ahin Sent: 12 Temmuz 2002 Cuma 10:25 To: [EMAIL PROTECTED] Subject: RE: PIX without NAT. [7:48593] Hi, I tried it before. Without NAT it didn't work, but you can do it using NAT; translating IP address to the same IP address. I suppose it's related to stateful inspection. Bulent -----Original Message----- From: Ivan [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 11, 2002 6:27 PM To: [EMAIL PROTECTED] Subject: PIX without NAT. [7:48593] Hello all, I have simple pix problems, can anyone help me?(Thank you very much) If I have a pix have two interface as the following: inside: 10.10.10.1 / 24 outside : 192.168.1.1 / 24 and without nat (nat 0 0 0), I think that that must can allow inside hosts to access outside, but can I allow the outside PC to access the inside's hosts? e.g. access-list 10 permit tcp any host 10.10.10.2 eq smtp (or any services) Thank you very much for your help!!!! Regards, Ivan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48661&t=48593 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
