PIX Static Statement

We replaced a Microsoft ISA server with a PIX 501. The upstream router is a 2600 managed by the ISP so I cannot get into it. After I configured the PIX, I could not ping Internet hosts. I was told I needed a unity static statement to let packets go out (the 2600 does NAT): static (inside,outside) netmask 0 0

At the same time, we had the ISP configure a route and NAT to the network in the 2600 so I don't know for sure which change enabled connectivity.

I thought that by default the PIX allows packets from a more secure network to a less secure network and also return packets. So is the static statement necessary? If so, why?

Reply to
Bob Simon
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.