04-03-2002 04:15 AM - edited 03-08-2019 10:13 PM
Hello
I would like to know if i can have a server having a global address residing on one of my interface (inside and DMZs). I do not want to do the static.
If this case can be done, please can you provide help. If it has any inconvenience on the working of the server or the firewall i would be more than thankful.
Thank you
04-03-2002 10:37 AM
Correct me if I'm wrong but you simply want a server connected possibly to one of your DMZ ports to have a LIVE outside IP rather than be NAT'd out?
ie the server simply sits on the firewall and has the address 63.x.x.x ? without being NAT'd at all?
04-03-2002 10:40 AM
If that is the case. Why not just bind the live IP to the outside of the PIX and forward all ports to the inside/dmz host? I dont' really see why that would be a bad thing... It protects that host.
just asking questions... tryin to help :D
04-03-2002 06:47 PM
You still have to do a static but instead of two seperate IP's you just type the same one twice. This fools the PIX and it translates the address back to itself. You will also need the appropriate conduits or access list to allow the services.
04-04-2002 09:51 AM
You can also use a "nat 0 ..." statement which allow the IP of the server to be not translated.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: