https://community.cisco.com/t5/network-security/static-for-inbound-connection-to-any-network/m-p/804906#M1000536 <HTML><HEAD></HEAD><BODY><P>Hi Paul </P><P></P><P>You could use a nat exemption which is bi-directional although it would need testing against any other translations you have on the firewall ie.</P><P></P><P>access-list 101 permit ip any any </P><P>nat (inside) 0 access-list 101</P><P></P><P>By the way are you the Paul Thomsett that did work for Network Rail. If so, how are you ?. Hope everything is going well.</P><P></P><P>Jon</P></BODY></HTML> Wed, 12 Sep 2007 06:40:24 GMT Jon Marshall 2007-09-12T06:40:24Z https://community.cisco.com/t5/network-security/static-for-inbound-connection-to-any-network/m-p/804904#M1000534 <P>I have a strange situation on a clients PIX firewall. We are connected to a partner (via our outside interface) and the partner now wishes to use the internet via our network for just a number of devices in a shared DMZ (i.e. the internet is now residing on the inside network. This means it is hard to declare a static that will allow inbound access to in effect 'any'.</P><P>Does anyone know if this is possible, and if so what the static command will look like, is it possible to do a 0.0.0.0 type thing..?</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 11:07:16 GMT https://community.cisco.com/t5/network-security/static-for-inbound-connection-to-any-network/m-p/804904#M1000534 pthomsett 2019-03-11T11:07:16Z https://community.cisco.com/t5/network-security/static-for-inbound-connection-to-any-network/m-p/804905#M1000535 <HTML><HEAD></HEAD><BODY><P>I don't think that it is a good idea to have an inbound access to any network. It will be very tough to implement this (as per your scenario) and it can have a big security impact.</P></BODY></HTML> Tue, 11 Sep 2007 20:34:45 GMT https://community.cisco.com/t5/network-security/static-for-inbound-connection-to-any-network/m-p/804905#M1000535 didyap 2007-09-11T20:34:45Z https://community.cisco.com/t5/network-security/static-for-inbound-connection-to-any-network/m-p/804906#M1000536 <HTML><HEAD></HEAD><BODY><P>Hi Paul </P><P></P><P>You could use a nat exemption which is bi-directional although it would need testing against any other translations you have on the firewall ie.</P><P></P><P>access-list 101 permit ip any any </P><P>nat (inside) 0 access-list 101</P><P></P><P>By the way are you the Paul Thomsett that did work for Network Rail. If so, how are you ?. Hope everything is going well.</P><P></P><P>Jon</P></BODY></HTML> Wed, 12 Sep 2007 06:40:24 GMT https://community.cisco.com/t5/network-security/static-for-inbound-connection-to-any-network/m-p/804906#M1000536 Jon Marshall 2007-09-12T06:40:24Z