Firewall Wizards mailing list archives

Re: Static nat to a distant network?


From: "Behm, Jeffrey L." <BehmJL () bv com>
Date: Fri, 6 Oct 2006 10:58:08 -0500

I might be missing the point of the question (wouldn't be the first
time). I'm not all that familiar with the intricacies of PIX, but I
suppose you *could*. The question is, though, how will the router
between your PIX and the "one-hop-away" network know to route traffic
back to your PIX for 10.1.3.200? Seems to me that if the distant network
is defined as 10.1.3.0/24, then that IP address (10.1.3.200) is assumed
to be on the "distant" network and your router won't route traffic
headed to 10.1.3.200 off its "own" network over to the PIX. When an ARP
request is generated your PIX won't ever see it to respond, since the
ARP will stay on the "distant" network.

On the other hand, I could be way off...

Jeff


-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of
William
Sent: Monday, October 02, 2006 1:31 PM
To: Firewall Wizards Security Mailing List
Subject: [fw-wiz] Static nat to a distant network?

Hi,

This is on my Cisco PIX 6.x

Is it possible to do a static nat from my outside interface to a host
which is one hop away from my dmz interface by just putting it in
normally:

static (dmz,outside) 10.1.1.200 10.1.3.200

where:
          outside = 10.1.1.199
          dmz = 10.1.2.199
          distant network 10.1.3.0/24

Thank you.

W.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
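
The routing question raised in this thread can be checked mechanically. The following is an added example, not part of either message and not Cisco code: it does a longest-prefix lookup over constructed route tables for the firewall and the DMZ-side router. The /24 masks on the outside and dmz networks, the router address 10.1.2.1, its interface names and the outside client 10.1.1.50 are assumptions; the other addresses are the ones in the post.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match. Rows are (prefix, next_hop, interface); next_hop None = connected."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in table if dst in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)

def check_static(fw_table, rtr_table, real_ifc, mapped_ifc, mapped, real, fw_real_side, client):
    """Return a list of routing problems for `static (real_ifc,mapped_ifc) mapped real`."""
    problems = []
    # Mapped address: should sit in a subnet connected to the mapped interface,
    # so neighbours ARP for it there (otherwise upstream needs a route to the firewall).
    row = lookup(fw_table, mapped)
    if row is None or row[1] is not None or row[2] != mapped_ifc:
        problems.append(f"{mapped} is not on-link on {mapped_ifc}")
    # Real address: the firewall must forward translated packets out the real interface.
    row = lookup(fw_table, real)
    if row is None or row[2] != real_ifc:
        problems.append(f"firewall has no route to {real} via {real_ifc}")
    # Return path: the inner router must send replies back through the firewall.
    row = lookup(rtr_table, client)
    if row is None or row[1] != fw_real_side:
        problems.append(f"router does not return traffic for {client} via {fw_real_side}")
    return problems

# Constructed tables. Addresses from the post; /24 masks, router 10.1.2.1,
# interface names eth0/eth1 and client 10.1.1.50 are assumptions.
FW = [("10.1.1.0/24", None, "outside"),
      ("10.1.2.0/24", None, "dmz"),
      ("10.1.3.0/24", "10.1.2.1", "dmz")]
RTR = [("10.1.2.0/24", None, "eth0"),
       ("10.1.3.0/24", None, "eth1"),
       ("0.0.0.0/0", "10.1.2.199", "eth0")]

def demo(fw=FW, rtr=RTR):
    return check_static(fw, rtr, "dmz", "outside",
                        "10.1.1.200", "10.1.3.200", "10.1.2.199", "10.1.1.50")

if __name__ == "__main__":
    print(demo() or "static translation is routable in both directions")
    print(demo(fw=FW[:2]))    # firewall missing its route to the distant network
    print(demo(rtr=RTR[:2]))  # router missing a route back toward the firewall
```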