Firewall Wizards mailing list archives

PIX with Public DMZ


From: Tony Mucker <Tony () tonymucker com>
Date: Fri, 02 Jul 2004 11:10:35 -0700

Trying to get this figured out...

I have a PIX (ver 6.3) with three interfaces, outside, inside and DMZ. I have a routable Class C address space at my disposal, and I have it subnetted as a /25 (two networks, 0-127, and 128-254). The outside interface is .3, and the DMZ interface is .129. All inside -> outside traffic is fine (all inside hosts are PAT'ed through .2), and there are static mappings on the outside interface for hosts that need to be accessible from the Internet (DNS, mail, FTP etc).

Since the DMZ will have a routable address space, what commands do I need to use to allow the DMZ servers to access the outside world without being NAT'ed? Is it a nat 0 ACL, or nat outside?

Also, in the near future, I'd like the DMZ interface on the PIX to accept incoming VPN connections, but that's something I'll worry about later.

Thanks
Tony


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

