[afnog] PIX Firewall and DMZ NAT - help

GOGWIM, JOEL GODWIN gogwim at unijos.edu.ng
Fri Jun 6 10:23:02 UTC 2008


Just to add to what Antonio has said.
If your leased interface to the client is e.g. 10.x.x.3/30(or /20) then
you are going to NAT the 10.x.x.3 so that all traffics coming from
192.168.z.0/24(client)network could pass through your DMZ.

Good lock.

On Tue, June 3, 2008 8:17 am, Antonio Godinho said:
> If I understand correctly, you should NAT the IP that is on the leased
> line
> interface of your client router.
>
> Cheers,
>
> AG
>
> On Tue, 03 Jun 2008 07:52:34 +0200, David Chima wrote
>> Hello
>> I have a cisco pix firewall 515E (six interfaces) unrestricted license
>>
>> I have a network on the DMZ 10.x.y.0/20 which is working fine. In
>> this same network I have a router that connects a client network
>> 192.168.z.0/24 through a leased line. In other words the network is
>> two hops away. I have problems to do nat for the client network (two
>> hops away) on my pix. Is there anyone to help. I have no problems
>> doing nat for networks connected directly the pix.
>>
>> Regards
>>
>> David
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content, and is believed to be clean.
>> Malawi Switch Center
>>
>> _______________________________________________
>> afnog mailing list
>> http://afnog.org/mailman/listinfo/afnog
>
>
> --
> Antonio Godinho
> B.Sc., MCP+I, MCSE, CCNA, CCNP
> CIUEM
> Maputo
> Mozambique
>
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>






More information about the afnog mailing list