I have a question about a pix configuration.
We have an outside system (one of many) that is accessed both
from the Internet and the intranet via the address w.x.y.z.
Internet
|
|______________
| ____|__ w.x.y.z
outside ___|___ | |
PIX | | |______|
v 4.4(2) |______|
|
|
inside
global (outside) 1 w.x.a.1-w.x.b.254 netmask 255.255.0.0
note: w.x.y.z is not in global range
nat (inside) 1 0 0
Now the customer wants to move the system(s) to the DMZ and because
of internal processes and politics they want to maintain access to it
via the old external address of w.x.y.z (see below)
The system was moved and given a new address for the DMZ and the
following was added to the configuration:
static (DMZ, outside) w.x.y.z a.b.c.d netmask 255.255.255.255 0 0
Internet
|
|______________
outside |
___|___ ______
PIX | |________ | |
a.b.c.d
|______| DMZ |______|
|
|
inside
The problem is the box can be accessed via w.x.y.z from
the Internet but not from the inside. The inside can only access it via
a.b.c.d.
Is there a way to set this up? Will a statement like:
static (inside,DMZ) a.b.c.d w.x.y.z netmask 255.255.255.255 0 0
work?
Thanks in advance...
Ivor Hunt
IBM Global Services - Network Services
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
