Firewall Wizards mailing list archives

PIX and NAT


From: "Joe Keegan" <joe () jjk3 com>
Date: Tue, 2 Apr 2002 10:54:12 -0800

I am a CheckPoint guy who is trying to learn about Cisco PIX firewalls.
I have had some experience with Cisco IOS and I have found it easy to
use and intuitive; everything I have read has made sense. I am now
finding that PIX does not follow this trend.

I am confused about how to configure a PIX to use NAT on some
interfaces, but not on others. Here is the situation: I have a PIX with
four Ethernet interfaces.

E0 - outside, security0
E1 - inside, security100
E2 - dmz1, security20
E3 - dmz2, security95

Now I want the inside, dmz1 & dmz2 (each with RFC1918 IPs) networks to
each use their own PATs when they send traffic destined for the outside,
which is no problem (each gets its own NAT and global numbers).

But I do not want inside, dmz1 & dmz2 to perform NAT (or PAT) between
each other.

I am confused on how to accomplish this, any help or pointing me in the
right direction would be greatly appreciated.

Thanks

Joe

*******************************************************************
Joe Keegan                                             joe () jjk3 com
Security Engineer
SANS GCFW, CCSE, SCSA
Phone: 408-242-4588
*******************************************************************
