It's probably better worded as static (high,low) [low IP address] [high IP address] netmask 255.255.255.255
Where high and low actually mean Higher security interface and Lower Security interface. Hopefully I haven't confused the issue, and looking at the date, hopefully there isn't another 40 posts to this thread that I haven't got to yet. Regards, Gaz ""Karagozian Sarkis"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am preparing for MCNS - Manual Ver 2.1 Page 6-22and not clear about Static > and Conduit commands with fixup protocol smtp 25. > > I Don't understand the static (inside,outside) global-ip local-ip ... > when I compare it with the below stated static command: > static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255. > > Question? > Is static command always from lower nameif(dmz2)to higher nameif (dmz1)? > If so why is it always stated as: > static (inside,outside)? and not (Outside,Inside) ???? > > I am reading on page 6-22: > That the Mail Guard feature removes the need for an external Mail Relay > (Bastion Host) in the perimeter of DMZ network > > Once you create the Static and Conduit commands for an SMTP mail server, use > the fixup protocol 25 command to enable the PIX Firewall's Mail Guard > feature in PIX FW release 4.2 and later. > > Then says, The first IP address you specify in the static command is the 1st > IP address you specify in the conduit command as in example : > > static (dmz2,dmz1) 172.16.1.10 10.1.1.1 netmask 255.255.255.255 > conduit permit tcp host 10.1.1.1 10.1.1.0 255.255.255.0 > fixup protocol smtp 25 > > Also says: > The static command maps the adderess 10.1.1.1 on the dmz1 intf. so that > users on the dmz1 intf. can access the 172.16.1.10 host on the dmz2 intf. > The conduit command permits any users in the 10.11.1.0 network access the > 10.1.1.1 address over any tcp port. > > Is this correct? or should it say: > static (dmz1,dmz2) 172.16.1.10 10.1.1.1 netmask 255.255.255.255 > Can someone explain the above??? thanks. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46293&t=46002 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
