Solved

PIX NAT Explanation

Posted on 2011-02-28
Last Modified: 2012-05-11
Static (dmz,inside) 10.10.10.1 172.16.15.1
Correct me if I am wrong.
This translation means that when someone from inside to DMZ targets 10.10.10.1, that will be translated to 172.16.15.1.
Does that also mean that someone from DMZ with the IP address of 172.16.15.1 will be translated to 10.10.10.1?
Or is it the other way around? Please explain.
Question by:tech2010
Accepted Solution

by:
Pete Long earned 400 total points
ID: 34997815
>>This translation means when someone from inside to DMZ will target 10.10.10.1 that will be translated to 172.16.15.1

Yep spot on!

>>Does that mean also that when someone from DMZ with the ip address of 172.16.15.1 will be translated to 10.10.10.1.

Yes again

Remember, this just translates the IP; you would still need an access-list to allow traffic. See my website here: http://www.petenetlive.com/KB/Article/0000316.htm


Pete

Assisted Solution

by:Kvistofta
Kvistofta earned 100 total points
ID: 34997939
Just to clarify:

For traffic from inside to dmz, the DESTINATION ip will be translated, and for traffic from dmz to inside, the SOURCE ip will be translated.

/Kvistofta
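
The two answers above (destination rewritten from inside to dmz, source rewritten from dmz to inside, and translation alone not permitting traffic) as a small Python model. This is an added example, not part of the original thread and not Cisco code; the inside host 10.10.10.50 and the `permits` set standing in for an access-list are assumptions, and security levels are not modelled.

```python
import re
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrives on
    out_if: str  # interface it is routed out of
    src: str
    dst: str

@dataclass(frozen=True)
class Static:
    real_if: str
    mapped_if: str
    mapped_ip: str
    real_ip: str

def parse_static(line):
    """Parse 'static (real_if,mapped_if) mapped_ip real_ip'."""
    m = re.fullmatch(r"\s*static\s+\((\w+),(\w+)\)\s+(\S+)\s+(\S+)\s*", line, re.I)
    if not m:
        raise ValueError(f"not a static command: {line!r}")
    return Static(*m.groups())

def translate(rule, pkt):
    """Address rewrite only; says nothing about whether traffic is allowed."""
    path = (pkt.in_if, pkt.out_if)
    # Toward the real host: DESTINATION mapped_ip -> real_ip.
    if path == (rule.mapped_if, rule.real_if) and pkt.dst == rule.mapped_ip:
        return replace(pkt, dst=rule.real_ip)
    # From the real host: SOURCE real_ip -> mapped_ip.
    if path == (rule.real_if, rule.mapped_if) and pkt.src == rule.real_ip:
        return replace(pkt, src=rule.mapped_ip)
    return pkt

def forward(rule, pkt, permits):
    """Simplified model: drop (None) unless an explicit permit exists.
    permits stands in for an access-list; security levels are not modelled."""
    if (pkt.in_if, pkt.src, pkt.dst) not in permits:
        return None
    return translate(rule, pkt)

RULE = parse_static("Static (dmz,inside) 10.10.10.1 172.16.15.1")
# Constructed packets; 10.10.10.50 is a hypothetical inside host.
TO_DMZ = Packet("inside", "dmz", "10.10.10.50", "10.10.10.1")
FROM_DMZ = Packet("dmz", "inside", "172.16.15.1", "10.10.10.50")

if __name__ == "__main__":
    for p in (TO_DMZ, FROM_DMZ):
        print(p, "->", translate(RULE, p))
    print("no permit:", forward(RULE, FROM_DMZ, set()))
```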

Expert Comment

by:sebatdot
ID: 34998095
Hi,

Obviously, you should write: static (inside,dmz) 10.10.10.1 172.16.15.1
(note the PIX automatically adds a netmask of 255.255.255.255).

This means that coming from inside network with 10.10.10.1 will translate to 172.16.15.1.
That does not mean the reverse (172.16.15.1 => 10.10.10.1).

Access from DMZ to LAN is prevented as far as your interfaces must have different security-level.

Hope this helps.

S.

Author Closing Comment

by:tech2010
ID: 35070136
Thanks to all who answered.