Hi there,
I have a PIX (525, 6.3.3) securing a public class-C network /24.
I want to get data in and out only based on ACL, so I want to have this /24 network statically mapped with no network translation whatsoever.
Something like:
static (inside,outside) zz.yy.xx.0 zz.yy.xx.0 netmask 255.255.255.0 0 0
This is accepted, but seems of no use (perhaps getting from a higher security interface to a lower). However, a nat 0 rule works for that also.
However, when I do
static (inside,outside) zz.yy.xx.1 zz.yy.xx.1 netmask 255.255.255.255 0 0
static (inside,outside) zz.yy.xx.2 zz.yy.xx.2 netmask 255.255.255.255 0 0
static (inside,outside) zz.yy.xx.3 zz.yy.xx.3 netmask 255.255.255.255 0 0
etc, etc, it does work. I can get from a lower security device to a higher security device.
Since I also got a lot of (virtual) interfaces, this means 256 times all the interfaces, which is a lot of rules.
I guess I miss something obvious then, don't I?
Thanks for your time
Jan-Willem Michels
I have tried with an outgoing nat null rule and with incoming static rules.