OK kids.  Allowing packets from a lower security level interface to a higher
security level interface requires a conduit or access list.  So yes, it can be
done.  I wouldn't forget about security though.  ;^)

D.

At 01:50 PM 05/21/2001 -0400, Rizzo Damian wrote:
>Actually it seems as if you understand exactly what I'm asking. Your idea is
>very similar to mine. However it didn't work unfortunately. Let me ask this
>another way, if you don't mind...You have an internet router which is
>directly connected to the external (un-trusted) interface of your PIX
>firewall. Basically I want to be able to access my internal LAN with private
>IP addresses from the Internet router with Public IP addresses. So I should
>be able to telnet onto my internet router and ping my privately held LAN.
>Forget about Security, I just want to know if it can be done. The static
>mapping doesn't seem to work. Probably because it requires a one-to-one
>mapping no?   Thanks for any help in advance!
>
>
>
>  -Rizzo
>
>
>
>
>
>-----Original Message-----
>From: Craig Columbus [mailto:[EMAIL PROTECTED]] 
>Sent: Monday, May 21, 2001 1:12 PM
>To: [EMAIL PROTECTED]
>Subject: RE: PIX question... [7:5248]
>
>I'm not clear on what you're asking.  Are you asking if the PIX can take a 
>public IP and make it appear as a private IP on the internal network?  The 
>answer is yes, although you certainly want to be careful with this and I 
>can't say that this is a recommended config.  You'll need a config similar 
>to the one below:
>
>nat (outside)  1 0 0
>static (inside,outside)  
> netmask 255.255.255.255
>access-list  permit ip any host 
>
>For more info, reference 
>http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v52/config/examples.htm#xtocid274896
>
>Thanks,
>Craig
>
>At 12:14 PM 5/21/2001 -0400, you wrote:
>>We are aware of the VPN solution and that is our long term goal. However,
>>for the moment, all I need to know is if it is possible to NAT from an
>>outside (not trusted) interface to an inside (trusted) interface.
>>
>>  Thank you!
>>
>>   -Rizzo
>>
>>
>>
>>
>>-----Original Message-----
>>From: Craig Columbus [mailto:[EMAIL PROTECTED]]
>>Sent: Monday, May 21, 2001 11:44 AM
>>To: Rizzo Damian
>>Cc: [EMAIL PROTECTED]
>>Subject: Re: PIX question... [7:5248]
>>
>>Sounds like a VPN is your best bet.
>>Should you decide to implement the VPN, you may want to consider whether
>>you still need to maintain the modem pool on the Internet router.  Reducing
>>this cost could help justify the cost of implementing a VPN solution.  A
>>properly authenticated VPN user should be able to use any dial-up Internet
>>connection to reach your LAN.
>>
>>Craig
>>
>>At 10:15 AM 5/21/2001 -0400, you wrote:
>> >Hey all, is it possible to translate public IP addresses (outside) to
>> >private IP addresses (inside) on a PIX firewall. Basically the exact
>> >opposite of what's usually performed on a firewall. We are going to have
>> >users dial in to our internet router and receive a Public IP address. They
>> >have to get through our firewall to gain access to our LAN. Is there a way
>> >to translate the Public IP address they will obtain into a private IP
>> >address used by our LAN so they can access it?  I thank you for your help...
>> >
>> >
>> >   -Rizzo
>> >FAQ, list archives, and subscription info:
>> >http://www.groupstudy.com/list/cisco.html
>> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


****************************************************************************
Darren S. Crawford
Lucent Technologies Worldwide Services
2377 Gold Meadow Way            Phone: (916) 859-5200 x310
Suite 230                       Fax: (916) 859-5201
Sacramento, CA 95670            Pager: (800) 467-1467
Email: [EMAIL PROTECTED]     Epager: [EMAIL PROTECTED]
http://www.lucent.com           Network Systems Consultant - CCNA, CCIE Written

                        "Providing the Power Operable Networks."

****************************************************************************
        "Ham and Eggs - A day's work for a chicken; A lifetime commitment for a pig."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=5322&t=5248
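
Added example, not part of the original thread or written by any of its posters: the static-plus-access-list approach discussed above, in PIX command syntax, with the broad "permit ip any" entry shown beside a narrower one. The addresses (192.0.2.1 for the Internet router, 192.0.2.10 mapped to inside host 10.1.1.10) and the ACL name acl_outside are constructed placeholders, not values from the thread.

```cisco
! Constructed addresses (assumptions, not from the thread):
!   192.0.2.1   outside-facing Internet router
!   192.0.2.10  public address presented on the outside interface
!   10.1.1.10   inside (private) host it maps to

! One-to-one static translation: outside hosts reach 10.1.1.10 as 192.0.2.10
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255

! Broad form, as in the quoted reply: any source, every IP protocol.
! Left commented out; it exposes the inside host to the whole Internet.
! access-list acl_outside permit ip any host 192.0.2.10

! Narrower form: only the router, only ICMP echo (enough for the ping test)
access-list acl_outside permit icmp host 192.0.2.1 host 192.0.2.10 echo

! An access list has no effect until it is bound to the lower-security interface
access-group acl_outside in interface outside
```

Traffic that matches no permit entry is dropped by the implicit deny at the end of the list, so each additional service needs its own explicit entry.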