I have a network connected to DSL via an 847 Router. We are adding a PIX firewall and I am a little confused about the translation rule for the email server.
Currently we have a pubic (static) IP assigned to the ATM interface of the router, and have 10.0.0.1 assigned on the router's LAN side. My plan is to assign 10.0.0.5 to the outside interface of the PIX, use 192.168.1.5 for the inside interface and then use the 192.168.1.0 range for my PC's/Server. My question is, should I translate the inside address of my email server (192.168.1.10) to the address of my router/gateway (10.0.0.1) on the unsecured side, or to my public IP address on the WAN side of the router?
Any help you could give me would be greatly appreciated, as this is my first attempt at PIX configuration. Thanks in advance.
If the port translation through the router is 10.0.0.10 on port 25 at the moment, when the pix is in place and address changes made as planned, simply add a static translation / ACL on the pix for the new address eg
access-list in_out permit tcp any host 192.168.1.10 eq smtp
access-group in_out in interface outside
The static will allow traffic from the mail server going out to translate to its original ip address requiring no further config on the router apart from clearing arp. Inbound traffic to the server will be natted through the router as before but now the pix will proxy arp for the server (192.168.1.10) on 10.0.0.10. So long as the routing is up to scratch, should all work fine.
This is the easiest way so won't even mention anything else.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...