Hi John,

Although not intuitive, you also need static commands to use with NAT 0 if going from a lower to a higher security level interface, sort of like this. The following is an example of allowing FTP from the outside interface (any network) to the internal network:
access-list NONAT permit ip 192.168.1.0 255.255.255.0 any
access-list FromOut permit tcp any 192.168.1.0 255.255.255.0 eq ftp
nat (inside) 0 access-list NONAT
static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
access-group FromOut in interface outside

rgds,
C

-----Original Message-----
From: John Green [mailto:[EMAIL PROTECTED]]
Sent: 28 July 2002 07:04
To: [EMAIL PROTECTED]
Subject: pix without NAT [7:49914]

I am using PIX without NAT (hence using the nat 0 command). In addition to the access-list command to allow outside hosts to get into the internal network, is there anything else needed? Do I need a static command as well?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49934&t=49914
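
An added example, not part of the original messages or of any Cisco tooling: a small Python check that reads the commands from the reply (the sample config is constructed from them) and reports what the ACL bound inbound on the outside interface actually exposes. The function names and the reduced command grammar it parses are assumptions of this example.

```python
import ipaddress

# Constructed sample: the commands from the reply, one per line.
SAMPLE = """\
access-list NONAT permit ip 192.168.1.0 255.255.255.0 any
access-list FromOut permit tcp any 192.168.1.0 255.255.255.0 eq ftp
nat (inside) 0 access-list NONAT
static (inside,outside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
access-group FromOut in interface outside
"""

def take_addr(tok):
    """Consume one address spec (any | host A | NET MASK) from a token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def inbound_exposure(config, iface="outside"):
    """List what the ACL bound inbound on `iface` permits (hypothetical helper)."""
    acls, statics, bound = {}, [], None
    for line in config.splitlines():
        t = line.lower().split()
        if not t:
            continue
        if t[0] == "access-list" and len(t) > 4 and t[2] == "permit":
            src, rest = take_addr(t[4:])
            dst, rest = take_addr(rest)
            port = rest[1] if rest[:1] == ["eq"] else "any"
            acls.setdefault(t[1], []).append((t[3], src, dst, port))
        elif t[0] == "static" and t[1].endswith("," + iface + ")"):
            # static (real_if,mapped_if) MAPPED REAL [netmask MASK]
            mask = t[5] if len(t) > 5 and t[4] == "netmask" else "255.255.255.255"
            mapped = ipaddress.ip_network(f"{t[2]}/{mask}")
            statics.append((mapped, t[2] == t[3]))  # True when identity static
        elif t[0] == "access-group" and t[2] == "in" and t[-1] == iface:
            bound = t[1]
    findings = []
    for proto, src, dst, port in acls.get(bound, []):
        covered = [s for s in statics if s[0].overlaps(dst)]
        findings.append({
            "proto": proto, "port": port, "dst": str(dst),
            "hosts": dst.num_addresses,          # size of the permitted range
            "any_source": src.prefixlen == 0,    # permit from "any"
            "identity_static": any(ident for _, ident in covered),
        })
    return findings
```

Run against the sample, it reports one inbound entry: FTP from any source to all 256 addresses of 192.168.1.0/24, covered by an identity static. Only entries of the ACL named in the `access-group` line are reported, so the NONAT list does not appear.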