We replaced a Microsoft ISA server with a PIX 501. The upstream router is a 2600 managed by the ISP so I cannot get into it. After I configured the PIX, I could not ping Internet hosts. I was told I needed a unity static statement to let packets go out (the 2600 does NAT): static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.255.255.0 0 0
At the same time, we had the ISP configure a route and NAT to the10.0.0.0 network in the 2600 so I don't know for sure which change enabled connectivity.
I thought that by default the PIX allows packets from a more secure network to a less secure network and also return packets. So is the static statement necessary? If so, why?