Hey guys, had a quick question on the PIX FW. 

When implementing a DMZ, what would be the tangible benefit of using the
traditional approach (NAT outside to DMZ inside, create ACLs), as opposed
to making a NAT 0 statement in the firewall?

Either way you are going to be using ACLs on the firewall to permit/deny
traffic? Either way the server that you want "exposed" is going to be on a
different VLAN?

The only thing that I can think of is if you have, say, a limited # of IPs
on the outside (I know we all do), but more in the range of 1 external IP, and
you had 5 machines on the inside running different services (FTP, WWW, SSH,
whatever); then you would need to do the traditional DMZ, and NAT back.

Does putting the NAT 0 statement disable the firewall from doing fix-ups to
the NAT0'ed address? I just don't see the need for the traditional way of
DMZ'ing if NAT 0 is going to accomplish the same thing without all the extra
configuration.

Comments? Just trying to get a grip on it.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53478&t=53478