Holy quick responses Batman! :) See inline comment below.

>If you're using a PIX, then I'd do it the PIX way - NAT. It's a complete
>pain to try and configure PIXen without NAT and the documentation
>recommends against it.

I'll probably follow your advice based on your comments below. I don't understand, however, why configuring the PIX to not do NAT is such a scary thing. Using nat0 with an access list seems simple enough to me. Does this command not work correctly? I've seen others on this list recommend against using nat0, but I've never understood why. In my test environment nat0 seems to work easy/well enough.

>Unless you have a very specific reason for not using NAT (eg a protocol
>that is not PIX nat-able) then it's usually best to follow the
>recommendations, if only for supportability.
>
>BTW: Standard PIX philosophy would see your DMZ hosts being advertised on
>the trusted LAN as static NAT translations - ie in the trusted IP range.
>
>Cheers,
>
>--
>Ben Nagy
>Network Security Specialist
>Marconi Services Australia Pty Ltd
>Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
>

[cut my original email about NATing in a DMZ]
