At 03:02 PM 2/19/2002 -0800, [EMAIL PROTECTED] wrote: >Message: 6 >Date: Tue, 19 Feb 2002 13:01:50 -0800 (PST) >From: kk downing <[EMAIL PROTECTED]> >Subject: Cisco PIX DMZ with PAT ? >To: [EMAIL PROTECTED] > >Hello, >We have a very small network with three IPs from our >DSL provider. We currently have one legal IP as the >public interface on our PIX, and we use PAT for a >second address so that all machines on the private >10.0.0.0 network can use to get out to the internet. >We just purchased a third NIC for a DMZ to put our >mail server on. We obvioulsy want to allow public >access to this machine for port 25. Is the correct way >to do this to add a third legal IP for PAT and have >our mail server use this IP for its public access or >should we be hiding behind the public IP address on >the public interface of our PIX and just have our MX >records pointing to this IP and let PAT sort it out?
I'd suggest locating the mail server on the DMZ perimeter and using the third legal IP and NAT to reach it. It's pretty clean and simple that way. > I >appreciate any feedback you could give me in this >matter. Thank you. Liberty for All, Brian P.S. Did you know that there's a PIX Mail List? See: http://groups.yahoo.com/group/PIX_Firewall _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
