Prev: ASA 5505 Object-Group
Next: Newbie, Cisco 877, ipv6, IOS, completely stuck
From: Bob Simon on 15 Apr 2008 11:19
We replaced a Microsoft ISA server with a PIX 501. The upstream
router is a 2600 managed by the ISP so I cannot get into it. After I
configured the PIX, I could not ping Internet hosts. I was told I
needed a unity static statement to let packets go out (the 2600 does
NAT):
static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 0 0

At the same time, we had the ISP configure a route and NAT to the
10.0.0.0 network in the 2600 so I don't know for sure which change
enabled connectivity.

I thought that by default the PIX allows packets from a more secure
network to a less secure network and also return packets. So is the
static statement necessary? If so, why?
 | 
Pages: 1
Prev: ASA 5505 Object-Group
Next: Newbie, Cisco 877, ipv6, IOS, completely stuck