Not being much familiar with PIX or firewall configuration for that matter, a simple question for those in the know.
In relation to a PIX 515E with 3 interfaces (e0=outside, e1=inside, e2=dmz), is it the norm for devices located within the DMZ to have private IP addresses assigned to them, and then to use the public IP address space for access from the outside interface? All the config examples within this forum and tech docs show only private IP addresses used within the DMZ.
I just need some clarification on this, as I am studying firewall configuration, especially pertaining to the PIX 515E.
Yes, it is a very common practice to use the private addresses on the inside and DMZ and then translate the addresses when communication is required from outside to inside/DMZ. The advantage is that you are hiding the actual address of the machines with the help of the NAT engine.
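
As an added illustration (not part of the original posts), this is how the arrangement described above looks in a pre-8.3 PIX configuration: a DMZ host keeps its private address and is published on a public one with a static translation. The interface names follow the question; the addresses (documentation and private ranges), the ACL name `outside_in` and the web-server role are assumptions.

```text
! Constructed example; addresses and names are illustrative, not from the thread.
! PIX OS 7.x interface syntax (6.x uses "nameif ethernet2 dmz security50"
! and "ip address dmz 192.168.2.1 255.255.255.0" instead).
interface Ethernet0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Ethernet2
 nameif dmz
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
! One-to-one translation: DMZ host 192.168.2.10 appears as 203.0.113.10 outside.
static (dmz,outside) 203.0.113.10 192.168.2.10 netmask 255.255.255.255
!
! The static by itself permits nothing inbound from the lower-security
! outside interface; allow only the service being published.
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-group outside_in in interface outside
```

The ACL names the translated (public) address because, in these software versions, the outside ACL is checked before the destination is untranslated; the ACL, not the NAT, is what limits exposure of the DMZ host.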