Firewall Wizards mailing list archives
Re: Static nat to a distant network?
From: "Behm, Jeffrey L." <BehmJL () bv com>
Date: Fri, 6 Oct 2006 10:58:08 -0500
I might be missing the point of the question (wouldn't be the first time). I'm not all that familiar with the intricacies of PIX, but I suppose you *could*. The question is, though, how will the router between your PIX and the "one-hop-away" network know to route traffic back to your PIX for 10.1.3.200? Seems to me that if the distant network is defined as 10.1.3.0/24, then that IP address (10.1.3.200) is assumed to be on the "distant" network and your router won't route traffic headed to 10.1.3.200 off its "own" network over to the PIX. When an ARP request is generated your PIX won't ever see it to respond, since the ARP will stay on the "distant" network. On the other hand, I could be way off... Jeff -----Original Message----- From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of William Sent: Monday, October 02, 2006 1:31 PM To: Firewall Wizards Security Mailing List Subject: [fw-wiz] Static nat to a distant network? Hi, This is on my Cisco PIX 6.x Is it possible to do a static nat from my outside interface to a host which is one hop away from my dmz interface by just putting it in normally: static (dmz,outside) 10.1.1.200 10.1.3.200 where: outside = 10.1.1.199 dmz = 10.1.2.199 distant network 10.1.3.0/24 Thank you. W. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Static nat to a distant network? William (Oct 06)
- Re: Static nat to a distant network? Paul Melson (Oct 08)
- <Possible follow-ups>
- Re: Static nat to a distant network? Behm, Jeffrey L. (Oct 08)
- Re: Static nat to a distant network? Horvath, Kevin M. (Oct 08)