Firewall Wizards mailing list archives
RE: PIX DMZ inter-access via outside IP address
From: "Keith Anderson" <keith () purescience com>
Date: Mon, 8 Dec 2003 09:39:34 -0700
Nope, aliases are already implemented and that allowed devices on each interface to access the OTHER interfaces using the Internet IP address, but not from the DMZ back to the DMZ using the Internet address. The problem ended up being a routing issue. Packets destined to the outside interface would get ignored by the router because they were assumed to be destined for a device on that domain. The solution was to use non-Internet routable addresses between the PIX and the router. Now that it has a different IP class, the router redirects those packets back to the PIX, and communication using the Internet addresses works on all interfaces. Thanks for your help, however.
-----Original Message-----
From: Jason Ostrom [mailto:justiceguy () pobox com]
Sent: Monday, December 08, 2003 9:35 AM
To: Keith Anderson
Cc: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] PIX DMZ inter-access via outside IP address

Keith,

Based on what you have described, it sounds like you need to use the "alias" command. My understanding is you are trying to have the DMZ hosts sourced on the RFC1918 network reach each other based on public destination addresses. The alias command will solve this problem.

From the PIX 6.3 OS command reference:

[no] alias [(if_name)] dnat_ip foreign_ip [netmask]

Usage Guidelines

The alias command translates one address into another. Use this command to prevent conflicts when you have IP addresses on a network that are the same as those on the Internet or another intranet. You can also use this command to do address translation on a destination address. For example, if a host sends a packet to 209.165.201.1, you can use the alias command to redirect traffic to another address, such as, 209.165.201.30.
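A simplified model of the router behaviour described in the reply above, as an added example that is not part of the original thread: it runs a longest-prefix-match lookup against the router's table before and after the PIX-to-router link is renumbered. All addresses are constructed (documentation and RFC 1918 ranges), and the static route pointing the public block at the PIX outside interface is an assumption of this example.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: Optional[ipaddress.IPv4Address]  # None means directly connected

def route(prefix, next_hop=None):
    return Route(ipaddress.ip_network(prefix),
                 ipaddress.ip_address(next_hop) if next_hop else None)

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

def router_action(table, dst):
    """Describe what the router does with a packet addressed to dst."""
    r = lookup(table, dst)
    if r is None:
        return "drop: no route"
    if r.next_hop is None:
        # Connected network: the router treats dst as a neighbour on the
        # segment and never hands the packet to the firewall as a next hop.
        return f"on-link in {r.prefix}"
    return f"forward to {r.next_hop}"

# Constructed sample data (not taken from the thread).
ISP_GW = "198.51.100.1"          # upstream gateway
PIX_OUTSIDE = "192.168.255.2"    # PIX outside address after renumbering
DMZ_PUBLIC = "203.0.113.10"      # public address mapped to a DMZ host

# Before: the public block is the router's connected PIX-facing segment.
BEFORE = [route("198.51.100.0/30"), route("203.0.113.0/24"),
          route("0.0.0.0/0", ISP_GW)]

# After: the link uses private addresses, and the public block is reached
# through the PIX (assumed static route), so the packet is sent back to it.
AFTER = [route("198.51.100.0/30"), route("192.168.255.0/30"),
         route("203.0.113.0/24", PIX_OUTSIDE), route("0.0.0.0/0", ISP_GW)]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, "->", router_action(table, DMZ_PUBLIC))
```
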