Solved

PIX NAT Explanation

Posted on 2011-02-28
4
368 Views
Last Modified: 2012-05-11
Static (dmz,inside) 10.10.10.1 172.16.15.1
Correct me if I am wrong.
This translation means when someone from inside to DMZ will target 10.10.10.1 that will be translated to 172.16.15.1.
Does that mean also that when someone from DMZ with the ip address of 172.16.15.1 ll be translated to 10.10.10.1.
Or its other way around please explain.
0
Comment
Question by:tech2010
4 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 400 total points
ID: 34997815
>>This translation means when someone from inside to DMZ will target 10.10.10.1 that will be translated to 172.16.15.1

Yep spot on!

>>Does that mean also that when someone from DMZ with the ip address of 172.16.15.1 ll be translated to 10.10.10.1.

Yes again

Remember this just translates the IP you would still need an access-list to allow traffic see my website here http://www.petenetlive.com/KB/Article/0000316.htm


Pete
0
 
LVL 17

Assisted Solution

by:Kvistofta
Kvistofta earned 100 total points
ID: 34997939
Just to clarify:

For traffic from inside to dmz, the DESTINATION ip will be translated, and for traffic from dmz to inside, the SOURCE ip will be translated.

/Kvistofta
0
 

Expert Comment

by:sebatdot
ID: 34998095
Hi,

Obviously, you should write : static (inside,dmz) 10.10.10.1 172.16.15.1
(note the PIX automatically adds a netmask of 255.255.255.255).

This means that coming from inside network with 10.10.10.1 will translate to 172.16.15.1.
That does not mean the reverse (172.16.15.1 => 10.10.10.1).

Acces from DMZ to LAN is prevented as far as your interfaces must have different security-level.

Hope this helps.

S.
0
 

Author Closing Comment

by:tech2010
ID: 35070136
Thanks to all who answered.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Stuck in INIT/DROTHER 2 49
Configuring Port Access on Cisco ASA 5 32
Unmanaged Switches for Optimized Network Speeds 7 50
route-map permit with a number 1 34
How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question