RE: help with pix conf (simple) [7:49800]

2002-07-27 Thread John Green
That's exactly what I am trying to find. Do we need a static command as well, in addition to the access-list, to allow traffic from lower security to a higher security? Static command is for mapping IP addresses, right? And access list is the one that allows the access, right?
--- Peter zh

RE: help with pix conf (simple) [7:49800]

2002-07-27 Thread Peter zhang
1. The example I showed you was based on your previous configuration, and yes, you need to have a static command to have outside hosts connect to the inside host.
static (inside,outside) 10.1.2.3 10.1.1.3
Make sure you have a conduit or access-list permitting the traffic to 10.1.2.3
Message Posted at: ht

Re: help with pix conf (simple) [7:49800]

2002-07-26 Thread Clayton Price
I would think you would need a static NAT to allow the security 0 interface to initiate a connection to the higher sec interface.
Clayton
"John Green" wrote in message news:[EMAIL PROTECTED]...
> two questions here:
> first so no static command would be needed ? is that
>

RE: help with pix conf (simple) [7:49800]

2002-07-26 Thread John Green
Two questions here: first, so no static command would be needed? Is that correct? Second, about the nat statement "nat (inside) 0 0 0": the Cisco docs actually show 4 zeros, the last being flags while the first two meaning 0.0.0.0, right? Did you miss out the last zero?
--- Peter zhang wr

Re: help with pix conf (simple) [7:49800]

2002-07-26 Thread John Green
If there are no address translations, then for connections initiated from outside to the internal network, is the "static" command needed? (I am providing an access list for connections initiated from the outside network though; anything else needed?)
--- John Green wrote:
> this setup is simple wi

RE: help with pix conf (simple) [7:49800]

2002-07-26 Thread Peter zhang
What you need to do is:
ip addr outside 10.1.2.2 255.255.255.0
ip addr inside 10.1.1.1 255.255.255.0
access-list access_out per ip any any
access-group access_out in int outside
nat (inside) 0 0 0
Be careful with what you are going to permit in the access-list.
Message Posted at: http://www.grou