Firewall Wizards mailing list archives

Re: PIX v7: routing without NAT?


From: Brian Loe <knobdy () gmail com>
Date: Tue, 17 Jan 2006 20:18:15 -0600

This might be a semi-beginner question as well, but as described you
have an external IP on the inside interface of the PIX - is that
intentional? I would expect to see a public IP address on your
external PIX interface and a private, non-'Net address on the internal
device. Your internal PC would use that private address as its
default gateway (or the switch/router would) thereby allowing the PIX
to get it and shove off all traffic not destined for networks directly
connected to it to its own default gateway, your ISP router.

Again, to me, it would seem that the way you have explained it is
that the PIX would have to act as a bridge or switch. Your tests seem
to prove that as well since naturally the inside PC can ping the
inside interface of the PIX, they're on the same network and directly
connected, as should the external PC/PIX Interface work. However,
going from the inside PC to the outside PC you're trying to travel
over a device that doesn't know what to do with it.

On 1/17/06, Vahid Pazirandeh <vpaziran () yahoo com> wrote:
Hi All,

At our co-lo, we have IPs *.65 to *.97 available.  I'm trying to set up a mock
network before touching the production environment.

Our ISP router will be sitting on *.64, and we'd like to use external IPs for
all our servers that are behind the PIX.  Is this possible?

I've run some tests (and mind you I am new to pix), and it seems that the ARP
requests are not passing through the pix.  I'm also not sure that the network
design we're using is going to work as intended.  Any thoughts?

