Re: [fw-wiz] Static nat to a distant network?




Yes, you can, as long as there is a route for it and it is already accessible
via the PIX. Obviously you will need to make some ACL changes if they are
not already there.

Kevin M. Horvath
CISSP, CCSP, GCIH, INFOSEC, CQS-FW, CQS-VPN, CQS-IDS, CCNA
SAIC - IT Security Division



-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of
William
Sent: Monday, October 02, 2006 2:31 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Static nat to a distant network?

Hi,

This is on my Cisco PIX 6.x

Is it possible to do a static nat from my outside interface to a host
which is one hop away from my dmz interface by just putting it in
normally:

static (dmz,outside) 10.1.1.200 10.1.3.200

where:
outside = 10.1.1.199
dmz = 10.1.2.199
distant network 10.1.3.0/24

Thank you.

W.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
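
A PIX 6.x configuration sketch of the three pieces the reply names (route, static, ACL), added here as an example and not taken from either poster. The next-hop router 10.1.2.1, the ACL name outside_in and the published service (TCP 80) are assumptions; the other addresses come from the original question.

```cisco
: Constructed example for PIX 6.x. Assumed values: next-hop router 10.1.2.1
: on the dmz segment, ACL name outside_in, published service TCP/80.

: 1. Route: the PIX must reach the distant network through the dmz interface.
route dmz 10.1.3.0 255.255.255.0 10.1.2.1 1

: 2. Static translation from the question, limited to the single host.
static (dmz,outside) 10.1.1.200 10.1.3.200 netmask 255.255.255.255 0 0

: 3. ACL: permit only the published service to the translated address,
:    rather than all IP traffic.
access-list outside_in permit tcp any host 10.1.1.200 eq www
access-group outside_in in interface outside

: Flush stale translations, then verify each piece.
clear xlate
show route
show xlate
show access-list outside_in
```

The router at the assumed 10.1.2.1 also needs a return path through 10.1.2.199 so that replies from 10.1.3.200 pass back through the PIX. If an access list is already bound to the outside interface, add the permit line to that list instead of binding a new one.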


