PIX NAT Explanation

Static (dmz,inside) 10.10.10.1 172.16.15.1
Correct me if I am wrong.
This translation means when someone from inside to DMZ will target 10.10.10.1 that will be translated to 172.16.15.1.
Does that mean also that when someone from DMZ with the ip address of 172.16.15.1 ll be translated to 10.10.10.1.
Or its other way around please explain.
tech2010Asked:
Who is Participating?
 
Pete LongConnect With a Mentor Technical ConsultantCommented:
>>This translation means when someone from inside to DMZ will target 10.10.10.1 that will be translated to 172.16.15.1

Yep spot on!

>>Does that mean also that when someone from DMZ with the ip address of 172.16.15.1 ll be translated to 10.10.10.1.

Yes again

Remember this just translates the IP you would still need an access-list to allow traffic see my website here http://www.petenetlive.com/KB/Article/0000316.htm


Pete
0
 
Jimmy Larsson, CISSP, CEHConnect With a Mentor Network and Security consultantCommented:
Just to clarify:

For traffic from inside to dmz, the DESTINATION ip will be translated, and for traffic from dmz to inside, the SOURCE ip will be translated.

/Kvistofta
0
 
sebatdotCommented:
Hi,

Obviously, you should write : static (inside,dmz) 10.10.10.1 172.16.15.1
(note the PIX automatically adds a netmask of 255.255.255.255).

This means that coming from inside network with 10.10.10.1 will translate to 172.16.15.1.
That does not mean the reverse (172.16.15.1 => 10.10.10.1).

Acces from DMZ to LAN is prevented as far as your interfaces must have different security-level.

Hope this helps.

S.
0
 
tech2010Author Commented:
Thanks to all who answered.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.