Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

pix nat question

From: "Strydom, Willie" <WStrydom () fnb co za>
Date: Fri, 23 Jan 2004 10:28:19 +0200
On a Checkpoint one can call a host in a DMZ on the physical address and on
the "NAT" address from the internal network. Due to the way the statics work
on a pix this is not possible, or is it. I see you can do statics with acl's
in newer IOS's, I wonder if anyone has ever managed to get the same
functionallity as the above checkpoint example.


Regards.


 195.1.1.1       
|
|
|                 Static from outside to DMZ
|
|
fwl---------------------- 192.168.1.3/(Nat) 195.1.1.3
|
|
|
|                 nat & global to DMZ
|
|
172.20.1.1

from 172.20.1.x I wanna be able to call either 192.168.1.3 or 195.1.1.3.  






Willie Strydom

Network Engineer (Security)
CCSA, CCNA, CCSP, INFOSEC Professional
(Cisco Number csco10315544)
(Check Point Number 952966390)
First National Bank
+27 11 889 5543

"Sure, I love children,
but I could never eat a whole one."




___________________________________________________________________________________________________


The views expressed in this email are, unless otherwise stated, those of the author and not those
of the FirstRand Banking Group or its management.  The information in this e-mail is confidential
and is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. 
If you are not the intended recipient, any disclosure, copying, distribution or any action taken or 
omitted in reliance on this, is prohibited and may be unlawful.
Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data 
transmitted electronically and to preserve the confidentiality thereof, no liability or 
responsibility whatsoever is accepted if information or data is, for whatever reason, corrupted 
or does not reach its intended destination.

                               ________________________________
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: