static nat and tcp limits

Unanswered Question
Feb 29th, 2008

Hello,

I'm using Cisco Pix 515E, 8.0(3).

I have two networks - inside and dmz. Inside has security level 100, dmz 50. To let hosts communicate from inside to dmz I made

static (inside,dmz) 172.16.0.0 172.16.0.0 netmask 255.255.0.0 tcp 0 10.

I think that Pix during NAT vindicate NAT-ed IP address on destination interface, so I had on these segments two devices with the same IP address.

Is it true? What is the best solution; disable nat-control and then disable static record?

Many thanks,

Vladislav

abinjola Fri, 02/29/2008 - 07:45

I am not sure what you mean by "I think that Pix during NAT vindicate NAT-ed IP address on destination interface, "

This is a self static rule that you have in place... it will make sure the source is always preserved when you go from inside to dmz.

valsidalv Sat, 03/01/2008 - 03:51

Hello,

I mean, when the embryonic connection threshold is reached, the PIX acts as a proxy and responds with a SYN-ACK.

So when I make static identity NAT, I'm not sure if I will have two identical IP addresses. One - the physical server, two - the one from which the PIX responds (after the threshold). Because I make NAT, where inside IP addresses are present on the dmz side.

Vladislav
