RE: [fw-wiz] pix nat question
From: Melson, Paul (PMelson_at_sequoianet.com)
Date: 01/23/04
- Previous message: Robinson, Mark Mr /SAIC: "RE: [fw-wiz] [1/2 OT] Tool to "draw" network topology"
- Maybe in reply to: Strydom, Willie: "[fw-wiz] pix nat question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Strydom, Willie" <WStrydom@fnb.co.za>, <firewall-wizards@honor.icsalabs.com> Date: Fri, 23 Jan 2004 10:36:12 -0500
Absolutely. You just have to think like a PIX. :-)
Say your internal network is 10.0.0.0/16 and your DMZ host and network are 192.168.0.3/16, and your outside is 1.2.3.0/24, with the DMZ host statically NAT-ed to 1.2.3.4, your config looks like this now:
static (dmz, outside) 1.2.3.4 192.168.0.3 netmask 255.255.255.255 0 0
If you want it to appear this way on the inside network, you need to create a global for the DMZ network, and then a static, like so:
global (dmz) 1 interface
static (dmz, inside) 1.2.3.4 192.168.0.3 netmask 255.255.255.255 0 0
PaulM
> -----Original Message-----
> On a Checkpoint one can call a host in a DMZ on the physical
> address and on
> the "NAT" address from the internal network. Due to the way
> the statics work
> on a pix this is not possible, or is it. I see you can do
> statics with acl's
> in newer IOS's, I wonder if anyone has ever managed to get the same
> functionallity as the above checkpoint example.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Robinson, Mark Mr /SAIC: "RE: [fw-wiz] [1/2 OT] Tool to "draw" network topology"
- Maybe in reply to: Strydom, Willie: "[fw-wiz] pix nat question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
