Re: [fw-wiz] Static nat to a distant network?



I might be missing the point of the question (wouldn't be the first
time). I'm not all that familiar with the intricacies of PIX, but I
suppose you *could*. The question is, though, how will the router
between your PIX and the "one-hop-away" network know to route traffic
back to your PIX for 10.1.3.200? Seems to me that if the distant network
is defined as 10.1.3.0/24, then that IP address (10.1.3.200) is assumed
to be on the "distant" network and your router won't route traffic
headed to 10.1.3.200 off its "own" network over to the PIX. When an ARP
request is generated, your PIX won't ever see it to respond, since the
ARP will stay on the "distant" network.

On the other hand, I could be way off...

Jeff


-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of
William
Sent: Monday, October 02, 2006 1:31 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Static nat to a distant network?

Hi,

This is on my Cisco PIX 6.x.

Is it possible to do a static NAT from my outside interface to a host
which is one hop away from my dmz interface by just putting it in
normally:

static (dmz,outside) 10.1.1.200 10.1.3.200

where:
outside = 10.1.1.199
dmz = 10.1.2.199
distant network 10.1.3.0/24

Thank you.

W.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards