Firewall Wizards mailing list archives
Re: PIX v7: routing without NAT?
From: Brian Loe <knobdy () gmail com>
Date: Tue, 17 Jan 2006 20:18:15 -0600
This might be a semi-beginner question as well, but as described you have an external IP on the inside interface of the PIX - is that intentional? I would expect to see a public IP address on your external PIX interface and a private, non-'Net address on the internal device. Your internal PC would use that private address as its default gateway (or the switch/router would) thereby allowing the PIX to get it and shove off all traffic not destined for networks directly connected to it to its own default gateway, your ISP router.

Again, to me, it would seem that the way you have explained it is that the PIX would have to act as a bridge or switch. Your tests seem to prove that as well since naturally the inside PC can ping the inside interface of the PIX, they're on the same network and directly connected, as should the external PC/PIX Interface work. However, going from the inside PC to the outside PC you're trying to travel over a device that doesn't know what to do with it.

On 1/17/06, Vahid Pazirandeh <vpaziran () yahoo com> wrote:
Hi All, At our co-lo, we have IPs *.65 to *.97 available. I'm trying to set up a mock network before touching the production environment. Our ISP router will be sitting on *.64, and we'd like to use external IPs for all our servers that are behind the PIX. Is this possible? I've run some tests (and mind you I am new to pix), and it seems that the ARP requests are not passing through the pix. I'm also not sure that the network design we're using is going to work as intended. Any thoughts?
Current thread:
- PIX v7: routing without NAT? Vahid Pazirandeh (Jan 17)
- Re: PIX v7: routing without NAT? Brian Loe (Jan 18)