Hi Roland,

I agree that this is not a good idea, solution, or practice, but when one is requested to perform a task a particular way and that task is what generates my revenue, best practice does not apply. Had this been my own shop, there would have been some different engineering for this project.

Clue

On Fri, Jul 17, 2009 at 1:45 PM, Roland Dobbins <rdobb...@arbor.net> wrote:

> On Jul 18, 2009, at 1:08 AM, Clue Store wrote:
>
>> I have several domains pointed various ip's in a /27 (public block). I have one internal webserver inside of my
>> network. I would like to be able to map the several outside IP's to one
>> inside IP of my web server and perform DNS doctoring via the ASA so my
>> inside hosts can use a DNS server outside of my network and still be able to
>> get to the domains
>
> Not a good idea - an attacker can breathe on it, and it'll fall over,
> instant DoS. Sticking servers behind firewalls, and NATting them, to boot,
> is extremely poor security practice.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>
>
> Unfortunately, inefficiency scales really well.
>
> -- Kevin Lawton
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/