Re: Another for the PIX experts.

Wed, 14 Mar 2001 23:35:52 -0800 

Ok I tested this in the lab and now rolled it out.  I
have a PIX 525 and using all interfacex with NAT 0.

But for the matter of this email lets look at three
interfaces.  

Outside sec 0
Inside sec 100
Dmz sec 50

I have blanket NAT (inside) 0 0 0 and NAT (dmz) 0 0 0
(you can also use the actual specific network address
space you are using on in the area.)  Within these
areas I have a NAT statement (NAT (inside) 10
10.x.x.x/24 and NAT (dmz) 20 10.y.y.y/24) using these
NATs with matching Globals on the outside interface
works.

Put this together with blanket Static statements from
your high to low networks and you are done.

At this point you can access actual IPs from DMZ to
Inside and the other way.  You can also access the Net
(outside) through a NAT.

Always remeber that NAT 0 is not no NAT.  Do the debug
ICMP trace and watch the fact that NAT happens, but
just to the same IP address.  Looks kinda funny!

Moe.


--- J Roysdon <[EMAIL PROTECTED]> wrote:
> Almost 100% sure you cannot.  I believe you can do
> the reverse (specify at
> NAT X /16, and NAT 0 /24 within that range to stop
> it).  Someone should test
> and let us know ;-)
> 
> --
> Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA,
> Network+, A+
> List email: [EMAIL PROTECTED]
> Homepage: http://jason.artoo.net/
> Cisco resources: http://r2cisco.artoo.net/
> 
> 
> "Moe Tavakoli" <[EMAIL PROTECTED]> wrote in
> message
>
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Can you have a NAT 0 for a 16-bit sub-net and have
> a
> > NAT X for the 24-bit sub-net within the 16-bit
> subnet?
> >
> > =====
> > _____________________________________________
> > Moe Tavakoli
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Get email at your own domain with Yahoo! Mail.
> > http://personal.mail.yahoo.com/
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> >
> 
> 
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


=====
_____________________________________________
Moe Tavakoli

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to