TOPIC: PIX 525

PIX 525 9 years 10 months ago #19393

  • Dove
Hi All,

Can someone explain in detail the command static(inside,DMZ)?

When I googled it, I understood that it's a static NAT, but my confusion here is that I also read that for a packet to travel from a low security zone to a high security zone, it needs to be configured through this command. Please, could someone enlighten me on this: how it works, and why and where it should be used.


Thanks in Advance.

Dove

Re: PIX 525 9 years 10 months ago #19395

  • Smurf
Hi Dove,

You are quite right in the googling that you have done. The PIX has the Security Levels in order to limit the threats caused by misconfigurations.

In order to get traffic from a High to Low, the traffic will flow as long as Access-Lists are in place, and the Global/NAT has been configured.

From Low to High, you need to make sure that you have a Static Translation in place in order to allow the traffic flow. In older versions of the code you used a Conduit, but this has been dropped (I have never used the conduit as it was before my time with the PIX).

It's just an additional level of security to ensure that in order to go from the outside to inside, you have to manually add a static translation in order to allow the flow.

The static is only required if you want to allow traffic from outside (Security-Level 0) to inside (Security-Level 100). Or if you have a DMZ and you want the traffic flow from outside (Security-Level 0) to DMZ (Security-Level 50).

Traffic from Inside to Outside or Inside to DMZ will flow without configuration of a static translation.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
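
A configuration sketch of the static(inside,DMZ) case discussed above, added here as an illustration and not taken from either poster. It uses PIX 6.x-style syntax; the interface assignments, IP addresses, port and the ACL name dmz_in are constructed for the example.

```cisco
: Constructed example: addresses, port and ACL name are illustrative only.
: Interfaces and their security levels
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

: High -> low (inside to outside or DMZ): dynamic translation is enough
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
global (dmz) 1 172.16.1.200-172.16.1.250 netmask 255.255.255.0

: Low -> high (DMZ to inside) needs a static translation.
: Form: static (real_if,mapped_if) mapped_ip real_ip
: The inside server 192.168.1.10 is presented on the DMZ under its own address.
static (inside,dmz) 192.168.1.10 192.168.1.10 netmask 255.255.255.255

: The static only creates the translation. An access-list bound to the
: lower-security interface still has to permit the specific flow.
access-list dmz_in permit tcp host 172.16.1.5 host 192.168.1.10 eq 1433

: Once an ACL is bound to the dmz interface, anything it does not permit is
: denied, including DMZ -> outside traffic that previously flowed by default.
: Block the rest of the inside network explicitly, then re-allow outbound.
access-list dmz_in deny ip any 192.168.1.0 255.255.255.0
access-list dmz_in permit ip 172.16.1.0 255.255.255.0 any
access-group dmz_in in interface dmz
```

After applying a configuration like this, `show xlate` lists the static translation and `show access-list dmz_in` shows hit counts per entry, which confirms that only the intended DMZ host and port reach the inside server.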

Re: PIX 525 9 years 10 months ago #19404

  • Dove
Oh, many thanks Smurf,

Now I got an idea about this.....

Dove