> My first question is, is this possible, I have only one
> public IP address,
> and
> I am using nat to hide my internal network, and I want to connect to a
> machine with vnc on that with private ip
> And then run my web server and ftp server inside that
> network.
> So my question is how can I
> global (dmz) 1 10.10.10.1 netmask 255.255.255.255
> nat (inside) 1 192.168.0.0 255.255.255.0 0 0
>
> Am I correct to understand that only the specified
> traffic from the Inside interface, 192.168.0.X will be
> NATed to the address 10.10.10.1 when it enters the
> DMZ? This is also to say th
> I am attempting to block the multimedia search program kazaa
> on a pix 515
> running ios 4.4.
> Pinging the Kazaa website, I got a address of 213.248.107.10.
> The program
> uses port 1214.
> I need to block any access to the website and to the program.
> I have tried
> several conduits
>
> OK, I know this is more of a theoretical debate, because in reality we
> are able and should do BOTH.
>
>
> But according to you, which is more important? Paying attention to
> having great firewall with a great ACL more than hardening
> and patching
> the systems? Or not have to worry abou