PIX NAT/Global Statements help

Posted by Petey on June 6, 2008, 6:54 pm
I am reviewing a PIX configuration and there are some interesting
nat/global statements that I wanted to clarify. Here are some of the NAT
statements I am unsure of...
NAT ID Set 1
global (inside) 1 insideip netmask 255.255.255.255
nat (dmz) 1 dmznet1 255.255.240.0 0 0
nat (dmz) 1 dmznet2 255.255.0.0 0 0
nat (dmz) 1 dmznet3 255.255.0.0 0 0
nat (dmz) 1 dmznet4 255.255.0.0 0 0
This I believe should work, but isn't it usually nat from the higher sec
level and global at the lower sec level? Here it is reversed. But it
will work as expected, assuming ACLs are in place, correct?

The other set is NAT ID Set 4
global (DMZ) 4 DMZIP netmask 255.255.255.255
nat (DMZ) 4 inside_net1 255.255.255.0 0 0
nat (DMZ) 4 inside_net2 255.255.255.0 0 0
nat (DMZ) 4 inside_net3 255.255.254.0 0 0
nat (DMZ) 4 inside_net4 255.255.0.0 0 0
In this case the interface on both nat and global is DMZ. And the
subnets listed on the NAT statements are located off the inside
interface. Will this nat set do anything?

Finally, I have a number of alias commands like alias(inside)
xx.xx.xx.xx yy.yy.yy.yy followed by matching static commands:
static(inside,dmz) yy.yy.yy.yy xx.xx.xx.xx. (The yy.yy.yy.yy are the
real addresses of hosts on the DMZ.) Are the static statements
required? What is their purpose?


