R: [fw-wiz] PIX DMZ inter-access via outside IP address
From: edp (edp.lists_at_acerbis.it)
Date: 12/11/03
- Previous message: WhiteHat_at_btclick.com: "[fw-wiz] Firewalls v. Router ACLs"
- In reply to: Keith Anderson: "RE: [fw-wiz] PIX DMZ inter-access via outside IP address"
- Next in thread: Keith Anderson: "RE: [fw-wiz] PIX DMZ inter-access via outside IP address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Keith Anderson'" <keith@purescience.com> Date: Thu, 11 Dec 2003 17:47:52 +0100
> The solution was to use non-Internet
> routable addresses between the PIX and the router.
Solution suggested to me in the past, but very problematic if you use
the pix also as vpn/ipsec public termination device, thus requiring a
public ip address.
In a scenario similar to that depicted by you, my quick and dirty
workaround was to configure two ip addresses for each dmz machine (the
internal private one and another ip corresponding to the public one) so
the servers was able to communicate without routing tricks with both
addresses.
However, when possible and when communication without using name
resolution isn't mandatory, I tend to use a dns split horizon solution.
.FT
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: WhiteHat_at_btclick.com: "[fw-wiz] Firewalls v. Router ACLs"
- In reply to: Keith Anderson: "RE: [fw-wiz] PIX DMZ inter-access via outside IP address"
- Next in thread: Keith Anderson: "RE: [fw-wiz] PIX DMZ inter-access via outside IP address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
