03-16-2003 12:29 AM - edited 02-20-2020 10:37 PM
Gents,
I mean once inside private IP addresses are translated to global address.cud anyone ping those ip address (global one)from Internet.I have enabled
conduit permit icmp any any (Is this the reason or PIX sud have done this by default)
2- why and at what point NATing Traslation takes place specially when I am using proxyserver.To me only Proxyserver IP sud be translated to global since all users connect to proxy which points to PIX .
when I see
Sh xlate
it shows all inside addresses translated to global ??
Rgds
03-16-2003 06:53 PM
If you have a condiut/ACL allowing ICMP thru, then yes, all your inside hosts that have a static associated with them will be pingable.
NAT'ing takes place in between the packet entering the inside interface and before the PIX sends it out teh outside interface. If your "sho xlate" shows all of your internal addresses, that's because that's what the PIX is seeing in the packets that enter it.
03-17-2003 12:54 AM
Thanx Sir,
It silenced me 99%. my fear was why user IP packets are reaching to PIX when there is a proxy server (for http traffic) and a layer 3 switch before PIX.
But Nobody from outside can access global IP unless I statically map and then give access thru conduit/acl ?? is it right ??
03-17-2003 04:56 PM
Correct.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide