Correct-
It can be done, but it does require a static mapping. One question to verify
what you are asking:
You want to ping from the internet to your LAN like so:
Ping from x.x.x.x to y.y.y.y, where x.x.x.x is an internet routable address,
and y.y.y.y is a static translation of your private addresses, and not the
private addresses themselves?
andras
-----Original Message-----
From: Rizzo Damian [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 10:50 AM
To: [EMAIL PROTECTED]
Subject: RE: PIX question... [7:5248]
Actually it seems as if you understand exactly what I'm asking. Your idea is
very similar to mine. However it didn't work unfortunately. Let me ask this
another way, if you don't mind...You have an internet router which is
directly connected to the external (un-trusted) interface of your PIX
firewall. Basically I want to be able to access my internal LAN with private
IP addresses from the Internet router with Public IP addresses. So I should
be able to telnet onto my internet router and ping my privately held LAN.
Forget about Security, I just want to know if it can be done. The static
mapping doesn't seem to work. Probably because it requires a one-to-one
mapping, no? Thanks for any help in advance!
-Rizzo
-----Original Message-----
From: Craig Columbus [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 1:12 PM
To: [EMAIL PROTECTED]
Subject: RE: PIX question... [7:5248]
I'm not clear on what you're asking. Are you asking if the PIX can take a
public IP and make it appear as a private IP on the internal network? The
answer is yes, although you certainly want to be careful with this and I
can't say that this is a recommended config. You'll need a config similar
to the one below:
nat (outside) 1 0 0
static (inside,outside)
netmask 255.255.255.255
access-list permit ip any host
For more info, reference
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/examples.htm#xtocid274896
Thanks,
Craig
At 12:14 PM 5/21/2001 -0400, you wrote:
>We are aware of the VPN solution and that is our long term goal. However,
>for the moment, all I need to know is if it is possible to NAT from an
>outside (not trusted) interface to an inside (trusted) interface.
>
> Thank you!
>
> -Rizzo
>
>
>
>
>-----Original Message-----
>From: Craig Columbus [mailto:[EMAIL PROTECTED]]
>Sent: Monday, May 21, 2001 11:44 AM
>To: Rizzo Damian
>Cc: [EMAIL PROTECTED]
>Subject: Re: PIX question... [7:5248]
>
>Sounds like a VPN is your best bet.
>Should you decide to implement the VPN, you may want to consider whether
>you still need to maintain the modem pool on the Internet router. Reducing
>this cost could help justify the cost of implementing a VPN solution. A
>properly authenticated VPN user should be able to use any dial-up Internet
>connection to reach your LAN.
>
>Craig
>
>At 10:15 AM 5/21/2001 -0400, you wrote:
> >Hey all, is it possible to translate public IP addresses (outside) to
> >private IP addresses (inside) on a PIX firewall. Basically the exact
> >opposite of what's usually performed on a firewall. We are going to have
> >users dial in to our internet router and receive a Public IP address. They
> >have to get through our firewall to gain access to our LAN. Is there a way
> >to translate the Public IP address they will obtain into a private IP
> >address used by our LAN so they can access it? I thank you for your help...
> >
> >
> > -Rizzo
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5296&t=5248