Firewall Wizards mailing list archives

RE: PIX firewall global command


From: Jonathan Rozes <jrozes () vinton com>
Date: Fri, 9 Nov 2001 09:08:00 -0800

Hi Rudy,

I'm not entirely sure of the topology you are describing - do you have two
networks behind your PIX that each need to access remote sites through the
outside interface using different nat addresses? In any case, the global and
nat commands work together with a nat id. Let's say you want the systems on
the network 10.1.1/24 to use the nat address 10.4.4.4 and the systems on
network 10.1.2/24 to use the nat address 10.4.4.5. You should be able to do
that like this:

global (outside) 1 10.4.4.4 netmask 255.255.255.0
global (outside) 2 10.4.4.5 netmask 255.255.255.0
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
nat (inside) 2 10.1.2.0 255.255.255.0 0 0

The nat ids are specified in the third field of each command (I used 1 and 2
above). Nat ids can be any positive integer between 0 and 2 billion. Beware
that id 0 has a special meaning though - it specifies addresses that should
be exempted from translation. Access control would still be accomplished by
applying access lists to specific interfaces.

Hope this helps...

jonathan

+++ Jonathan Rozes, Systems Architect, Will Vinton Studios


-----Original Message-----
From: Rudy_D_Pereda () mail dbf state fl us
[mailto:Rudy_D_Pereda () mail dbf state fl us]
Sent: Thursday, November 08, 2001 6:54 AM
To: firewall-wizards () nfr com
Subject: [fw-wiz] PIX firewall global command


I have two different groups that need access to a secured site. I've been
given two IP addresses to use for translation.
My question is: How can I set up two global statements with different Nat
IDs to allow the different groups access to specific systems on the secured
site using the given IP addresses?
By the way, the groups are located in different geographic regions and all
must come across a frame-relay network.

Any help will be highly appreciated.

...Rudy Pereda

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
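
Added example (not part of the original messages, and not Cisco code): a small Python audit that pairs nat and global statements by nat id, as the reply describes, and reports id 0 exemptions and ids with no matching counterpart. The function name audit_nat and the last two sample lines are constructed for illustration; only the statement forms shown in the reply are parsed.

```python
import ipaddress
import re

# Constructed sample: the four statements from the reply, plus two constructed
# lines (a nat id 0 exemption and a nat id 3 that has no matching global).
SAMPLE_CONFIG = """\
global (outside) 1 10.4.4.4 netmask 255.255.255.0
global (outside) 2 10.4.4.5 netmask 255.255.255.0
nat (inside) 1 10.1.1.0 255.255.255.0 0 0
nat (inside) 2 10.1.2.0 255.255.255.0 0 0
nat (inside) 0 10.1.9.0 255.255.255.0 0 0
nat (inside) 3 10.1.3.0 255.255.255.0 0 0
"""

GLOBAL_RE = re.compile(r"^global \((\S+)\) (\d+) (\S+)")
NAT_RE = re.compile(r"^nat \((\S+)\) (\d+) (\S+) (\S+)")

def audit_nat(config):
    """Return (mappings, exempt, unmatched_nat, unused_global_ids)."""
    globals_by_id, nats = {}, []
    for line in config.splitlines():
        line = line.strip()
        m = GLOBAL_RE.match(line)
        if m:
            globals_by_id.setdefault(int(m.group(2)), []).append(m.group(3))
            continue
        m = NAT_RE.match(line)
        if m:
            try:  # skip forms this sketch does not parse (e.g. non-address args)
                net = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}")
            except ValueError:
                continue
            nats.append((int(m.group(2)), str(net)))
    mappings, exempt, unmatched, used = [], [], [], set()
    for nat_id, net in nats:
        if nat_id == 0:                # id 0: exempted from translation
            exempt.append(net)
        elif nat_id in globals_by_id:  # the shared id links nat to global
            used.add(nat_id)
            mappings.extend((net, addr) for addr in globals_by_id[nat_id])
        else:                          # nat statement with no global to use
            unmatched.append((nat_id, net))
    return mappings, exempt, unmatched, sorted(set(globals_by_id) - used)

if __name__ == "__main__":
    for name, value in zip(("mappings", "exempt", "unmatched nat",
                            "unused global ids"), audit_nat(SAMPLE_CONFIG)):
        print(f"{name}: {value}")
```

The mappings list shows which translated address each inside network will appear as, which is what the remote site's access lists and logs will see.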
