I would think you would need a static NAT to allow the security 0 interface to initiate a coonection to the higher sec interface.
Clayton ""John Green"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > two questions here: > first so no static command would be needed ? is that > correct ? > second, about the nat statement > "nat (inside) 0 0 0" > the cisco docs show actually 4 zeros, the last being > flags while the first two meaning 0.0.0.0 right ? did > you miss out the last zero ? > > > > --- Peter zhang wrote: > > what you need to do is; > > > > ip addr outside 10.1.2.2 255.255.255.0 > > ip addr inside 10.1.1.1 255.255.255.0 > > > > access-list access_out per ip any any > > access-group access_out in int outside > > > > nat (inside) 0 0 0 > > > > be careful with what are you going to permit in > > access-list > [EMAIL PROTECTED] > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Health - Feel better, live better > http://health.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49858&t=49800 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]