I have some questions regarding the communication between inside and DMZ. The Cisco configuration example is at this link: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807fc191.shtml
According to this document:
DMZ IP: 192.168.1.0/24
inside IP: 172.20.1.1/24
The example configures communication from DMZ to inside by using static NAT:
static (inside,DMZ) 192.168.2.20 172.20.1.5 netmask 255.255.255.255
Here the IP given is 192.168.2.20. Why is it 192.168.2.20, not 192.168.1.20? Is that a mistake?
Not in this example but in another: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806745b8.shtml
When configuring communication from inside to DMZ by using the real IP address:
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
What is the reason for using the real IP? Is it just easier? Does this give less security than using PAT?