[afnog] PIX Firewall and DMZ NAT - help

David Chima dchima at malswitch.mw
Fri Jun 6 13:13:39 UTC 2008


Thanks Antonio
Thanks Gogwim

After Antonio hinted on doing NAT on the routers, I jumped straight 
there and lo, it is working

Once again. Thanks

David

GOGWIM, JOEL GODWIN wrote:
> Just to add to what Antonio has said.
> If your leased interface to the client is e.g. 10.x.x.3/30(or /20) then
> you are going to NAT the 10.x.x.3 so that all traffics coming from
> 192.168.z.0/24(client)network could pass through your DMZ.
>
> Good lock.
>
> On Tue, June 3, 2008 8:17 am, Antonio Godinho said:
>   
>> If I understand correctly, you should NAT the IP that is on the leased
>> line
>> interface of your client router.
>>
>> Cheers,
>>
>> AG
>>
>> On Tue, 03 Jun 2008 07:52:34 +0200, David Chima wrote
>>     
>>> Hello
>>> I have a cisco pix firewall 515E (six interfaces) unrestricted license
>>>
>>> I have a network on the DMZ 10.x.y.0/20 which is working fine. In
>>> this same network I have a router that connects a client network
>>> 192.168.z.0/24 through a leased line. In other words the network is
>>> two hops away. I have problems to do nat for the client network (two
>>> hops away) on my pix. Is there anyone to help. I have no problems
>>> doing nat for networks connected directly the pix.
>>>
>>> Regards
>>>
>>> David
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content, and is believed to be clean.
>>> Malawi Switch Center
>>>
>>> _______________________________________________
>>> afnog mailing list
>>> http://afnog.org/mailman/listinfo/afnog
>>>       
>> --
>> Antonio Godinho
>> B.Sc., MCP+I, MCSE, CCNA, CCNP
>> CIUEM
>> Maputo
>> Mozambique
>>
>>
>> _______________________________________________
>> afnog mailing list
>> http://afnog.org/mailman/listinfo/afnog
>>
>>     
>
>
>
>   

-- 
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
Malawi Switch Center





More information about the afnog mailing list