Firewall Wizards mailing list archives

RE: PIX and NAT

From: "Iannaccone, Al" <Al.Iannaccone () occ treas gov>
Date: Wed, 3 Apr 2002 11:59:45 -0500

Joe and class;

I can relate. I somewhat agree, the PIX CLI is a bit different... to say the
least. But, once you become accustomed to it, I think you may actually like
it more. 

To help with your question... 

I have found that this site has helped me out when I need a config sample.
Look under the "Software Configuration" section. 

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Hardware:PIX

if you just want to get the stuff that answers you question... go here:

http://www.cisco.com/warp/public/110/19.html

I am pretty sure this has the poopage you need.

Al

-----Original Message-----
From: Joe Keegan [mailto:joe () jjk3 com] 
Sent: Tuesday, April 02, 2002 1:54 PM
To: Firewall Wizards Mailing List
Subject: [fw-wiz] PIX and NAT

I am a CheckPoint guy who is trying to learn about Cisco PIX firewalls.
I have had some experience with Cisco IOS and I have found it easy to
use and intuitive, everything I have read has made sense. I am now
finding that PIX does not follow this trend.

I am confused about how to configure a PIX to use NAT on some
interfaces, but not on others. Here is the situation, I have a PIX with
four Ethernet interfaces.

E0 - outside, security0
E1 - inside, security100
E2 - dmz1, security20
E3 - dmz2, security95

Now I want the inside, dmz1 & dmz2 (each with RFC1918 IP's) networks to
each use their own PATs when they send traffic destined for the outside,
which is no problem (each get their own NAT and global numbers).

But I do not want inside, dmz1 & dmz2 to perform NAT (or PAT) between
each other.

I am confused on how to accomplish this, any help or pointing me in the
right direction would be greatly appreciated.

Thanks

Joe

*******************************************************************
Joe Keegan                                             joe () jjk3 com
Security Engineer
SANS GCFW, CCSE, SCSA
Phone: 408-242-4588
*******************************************************************

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

PIX and NAT Joe Keegan (Apr 03)
- Re: PIX and NAT Carson Gaspar (Apr 03)
- RE: PIX and NAT Benjamin P. Grubin (Apr 03)
- <Possible follow-ups>
- RE: PIX and NAT Iannaccone, Al (Apr 03)