• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 386
  • Last Modified:

PIX NAT Explanation

Static (dmz,inside) 10.10.10.1 172.16.15.1
Correct me if I am wrong.
This translation means when someone from inside to DMZ will target 10.10.10.1 that will be translated to 172.16.15.1.
Does that mean also that when someone from DMZ with the ip address of 172.16.15.1 ll be translated to 10.10.10.1.
Or its other way around please explain.
0
tech2010
Asked:
tech2010
2 Solutions
 
Pete LongTechnical ConsultantCommented:
>>This translation means when someone from inside to DMZ will target 10.10.10.1 that will be translated to 172.16.15.1

Yep spot on!

>>Does that mean also that when someone from DMZ with the ip address of 172.16.15.1 ll be translated to 10.10.10.1.

Yes again

Remember this just translates the IP you would still need an access-list to allow traffic see my website here http://www.petenetlive.com/KB/Article/0000316.htm


Pete
0
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
Just to clarify:

For traffic from inside to dmz, the DESTINATION ip will be translated, and for traffic from dmz to inside, the SOURCE ip will be translated.

/Kvistofta
0
 
sebatdotCommented:
Hi,

Obviously, you should write : static (inside,dmz) 10.10.10.1 172.16.15.1
(note the PIX automatically adds a netmask of 255.255.255.255).

This means that coming from inside network with 10.10.10.1 will translate to 172.16.15.1.
That does not mean the reverse (172.16.15.1 => 10.10.10.1).

Acces from DMZ to LAN is prevented as far as your interfaces must have different security-level.

Hope this helps.

S.
0
 
tech2010Author Commented:
Thanks to all who answered.
0

Featured Post

The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now