Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Inside to act as Outside

Hello All,

I am kind of new to networking and security but hear is my problem.

My company every Wednesday night does firewall changes but before they do the changes, they have another department (operations) manually validate the firewalls before the changes to see if the change afterward caused any problems. Operations is using a laptop directly connected to its ISP via a DSL connection to act as a customer would coming in to our network hitting different applications and so forth. Hence this validates the outside firewall.

The problem comes in now because upper management now wants a monitoring script to do what the operators would be doing. My company is using UniCenter/ClientVantage as their monitoring tools right now. They were thinking of putting the script on the DSL laptop but security didn?t like that for two reason;

1. Because it has no security, (directly connected to the outside world,

2. In order to run these monitoring scripts, the script accesses an internal server. This isn?t safe if it?s on that outside firewall.

My question is if there is some way we can have this script run on an inside the network dedicated machine, but act as if it was coming from the outside? Meaning that this inside machine would grab the script from whatever monitoring server it needed (as stated above) and then let it act (network/firewall) wise as if it was that DSL laptop mentioned above, so that we can safely test the outside firewall as if we were an outside customer even thought we are starting from the inside, not outside?

I know this was long and confusing, but any help from anyone would be great. Thanks all.

Andrew

2 REPLIES
Silver

Re: Inside to act as Outside

Configure static translation of inside source addresses when you want to allow one-to-one mapping between your inside local address and an inside global address. Static translation is useful when a host on the inside must be accessible by a fixed address from the outside.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008044eddc.html

New Member

Re: Inside to act as Outside

My question is if there is some way we can have this script run on an inside the network dedicated machine, but act as if it was coming from the outside?

Sorry mate, this isn't possible, you need to be coming from the outside, how about... installing another nic into the pix on a private address range, just hanging the test laptop off this - you could configure this new nic as a outside interface with the exact same config as the current outside interafce (except ip address).

You could then test this without the risk of any external hackers breaking getting access to the laptop.

110
Views
0
Helpful
2
Replies
CreatePlease to create content