NAT ON PIX QUESTION [7:64398]

2003-03-04 Thread Sam
Hey Guys.
First of all, there aren't any words to express my appreciation for this
list and all the guys who are always so helpful in here.

These questions are regarding NAT in reference to PIX only.

1) Static NAT works both ways: from outside to inside and vice versa.
However, you need an access-list configured if you are accessing from a
lower-security interface to a higher-security one.

2) Dynamic NAT, on the contrary, doesn't work both ways. Connections can be
initiated only from one interface to another and the other can only reply
statefully. Am I right?
E.g.: If I configure an internal network (10.0.1.0) to translate to
64.4.4.10-64.4.4.30, 30 connections can be initiated towards the internet
and they would work fine. Replies can be sent back to those initiated
connections but no connections can be initiated from the Internet to the
internal network. Hence, I call it stateful.
Am I right about this full statement?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64398t=64398
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: NAT ON PIX QUESTION [7:64398]

2003-03-04 Thread Scott Roberts
Basically yes, I think your statement is correct.

1) I haven't configured a PIX recently, but I don't recall it requiring an
access-list for static address translation, since the port is actually part
of the static (or conduit) command. Now I'm sure you'd want an ACL, but
simply for the same reason you'd put it on any interface, nothing specific
to NAT though.

2) As far as dynamic being one way, that's correct, but the way you worded
the sentence seems to imply that it's also a one way from outside to inside.
Dynamic is always inside to out and is blocked outside to inside.

scott

Sam wrote in message
news:[EMAIL PROTECTED]
> Hey Guys.
> First of all, there aren't any words to express my appreciation for this
> list and all the guys who are always so helpful in here.
>
> These questions are regarding NAT in reference to PIX only.
>
> 1) Static NAT works both ways: from outside to inside and vice versa.
> However, you need an access-list configured if you are accessing from a
> lower-security interface to a higher-security one.
>
> 2) Dynamic NAT, on the contrary, doesn't work both ways. Connections can be
> initiated only from one interface to another and the other can only reply
> statefully. Am I right?
> E.g.: If I configure an internal network (10.0.1.0) to translate to
> 64.4.4.10-64.4.4.30, 30 connections can be initiated towards the internet
> and they would work fine. Replies can be sent back to those initiated
> connections but no connections can be initiated from the Internet to the
> internal network. Hence, I call it stateful.
> Am I right about this full statement?
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=64404t=64398
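The behaviour discussed in this thread, as an added example that is not part of either post and is not PIX code: a simplified Python model of dynamic versus static translation and of the inbound permit check. The class `PixModel`, the outside host 198.51.100.7 and the static mapping 64.4.4.5 to 10.0.1.5 are constructed for illustration; the pool and inside network come from the question.

```python
import ipaddress

class PixModel:
    """Simplified model (an assumption, not PIX code) of the checks discussed."""

    def __init__(self, pool_first, pool_last):
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in (pool_first, pool_last))
        self.free = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.xlate = {}       # inside host -> global address, built on demand
        self.static = {}      # global address -> inside host, permanent
        self.permits = set()  # (global address, port) permitted inbound
        self.conns = set()    # (global address, remote) opened from inside

    def outbound(self, inside_ip, remote_ip):
        """Higher to lower security: only a translation is needed."""
        if inside_ip not in self.xlate:
            if not self.free:
                return None   # dynamic pool exhausted, no translation
            self.xlate[inside_ip] = self.free.pop(0)
        self.conns.add((self.xlate[inside_ip], remote_ip))
        return self.xlate[inside_ip]

    def reply_allowed(self, remote_ip, global_ip):
        """Return traffic passes only for a connection opened from inside."""
        return (global_ip, remote_ip) in self.conns

    def new_inbound(self, global_ip, port):
        """Lower to higher security: needs a static AND an explicit permit."""
        return global_ip in self.static and (global_ip, port) in self.permits

def demo():
    fw = PixModel("64.4.4.10", "64.4.4.30")   # pool from the thread
    remote = "198.51.100.7"                    # constructed outside host
    src = fw.outbound("10.0.1.20", remote)
    out = {"src": src, "reply": fw.reply_allowed(remote, src),
           "unsolicited_dynamic": fw.new_inbound(src, 80)}
    fw.static["64.4.4.5"] = "10.0.1.5"         # constructed static mapping
    out["static_no_permit"] = fw.new_inbound("64.4.4.5", 80)
    fw.permits.add(("64.4.4.5", 80))
    out["static_with_permit"] = fw.new_inbound("64.4.4.5", 80)
    # One global address per inside host: count hosts the pool can still serve.
    hosts = (f"10.0.1.{n}" for n in range(21, 101))
    out["extra_hosts_served"] = sum(fw.outbound(h, remote) is not None for h in hosts)
    return out

if __name__ == "__main__":
    print(demo())
```

The model treats dynamic NAT as one global address per inside host (no PAT), so the pool limits concurrent translated hosts rather than connections.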