08-11-2004 02:40 PM - edited 02-20-2020 11:33 PM
I am trying to configure a 506e with a private ip network on the outside interface... My corporate network will be on the inside interface, the users on the outside/private network will access the Internet through the corporate inside interface...
I can get this to almost work with a static map and by adding a route on the corporate network back to the private network... This will allow the outside/private network to access systems on the corporate network but not the Internet.....
Nat would be best, but my company will not allow me to turn the pix around... any suggestions?
08-12-2004 05:02 AM
Where are you doing nat? You need to do it somewhere?
Your config is perfectly bizarre. If you are worried about the alleged outside/private users, put them on the inside interface, and write an acl that blocks everything, and apply it to the inside interface.
There is really nothing you cannot do for blocking that you cannot do from the outside in that you can do from the inside out
08-12-2004 05:55 AM
I agree my company insists on puting the private network on the outside interface... They claim they can manage the pix better....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide