Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
0
Helpful
5
Replies

static nat question

Go to solution
anthonytong
Level 1
Level 1

‎02-03-2006 07:56 AM - edited ‎03-09-2019 01:50 PM

Dear all,

I would like to ask if it is possible to have the virtual ip address assigned in the higher security level zone for static nat in PIX 7.0.

i.e.

real ip in dmz: 192.168.1.1

virtual ip in inside: 172.16.1.1

dmz security level: 50

inside security level: 100

static (dmz,inside) 172.16.1.1 192.168.1.1 netmask 255.255.255.255

I encountered situation where network behind inside segment cannot reach the dmz segment and a virtual ip is needed to be assigned in the inside segment for server in dmz segment. Such nat seems not work in PIX 6.3. Thanks in advance!

Anthony

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jackko
Level 7
Level 7

‎02-03-2006 04:10 PM

providing you prefer not to nat between inside and dmz, do "no nat-control". with this command disabled, pix v7 will forward traffic without nat/global/static configured.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
haithamnofal
Level 3
Level 3

‎02-03-2006 10:06 AM

Hello Anthony,

You mentioned that you were not able to reach the DMZ from the internal network; did you apply the proper NAT configuration before trying that (i.e. NAT and Global commands)?

Anyhow, mapping the DMZ address to an inside address in the way you mentioned should work. Try "debug icmp trace" and run an ICMP test after applying this static to verify how address translation works then let us know how things move with you.

Best Regards,

Haitham

0 Helpful

Go to solution
jackko
Level 7
Level 7

‎02-03-2006 04:10 PM

providing you prefer not to nat between inside and dmz, do "no nat-control". with this command disabled, pix v7 will forward traffic without nat/global/static configured.

0 Helpful

Go to solution
haithamnofal
Level 3
Level 3
In response to jackko

‎02-04-2006 06:14 AM

Hi,

But wouldn't it be dangerous to disable NATting like this, as NATting is still required between inside and outside? To which extent will the effect of this command be in terms of address translation on the other interfaces?

Regrds,

Haitham

0 Helpful

Go to solution
jackko
Level 7
Level 7
In response to haithamnofal

‎02-05-2006 02:11 AM

by disabling the "nat-control", it doesn't mean that you can't configure nat/global/static. all it means to the pix is that pix will permit traffic even nat/global/static is not in place.

0 Helpful

Go to solution
anthonytong
Level 1
Level 1
In response to jackko

‎02-08-2006 09:56 PM

Thanks, it works after nat-control is disabled.

Anthony

0 Helpful
Customers Also Viewed These Support Documents