I looked through the various topics for something similar and didn't find anything. If this is already posted, please accept my apologies.
Anyway, I have a PIX 515E running ver 6.1(2). It has 6 interfaces: internal, external, and 4 DMZs (intf1, intf2, intf3, and intf4). My question is this:
Say I have a webserver on dmz1. This DMZ lives in a local subnet and is assigned the address of 22.214.171.124. Currently, the PIX routes packets appropriately both to the outside and the inside as necessary. It needs to be accessible from both the outside as well as the inside. I have a PAT address assigned on the DMZ with:
global (intf1) 1 126.96.36.199
nat (inside) 1 0.0.0.0 0.0.0.0
That allows any user on the 'inside' interface to be dynamically assigned an address of 188.8.131.52 on the DMZ to access the webserver.
I have also set up a static mapping to the outside with the commands:
You will want to have no natting between the two hosts at all. This will most likely require you having a nat 0 access-list command for the higher security int in question (inside). The access lists should classify traffic between the subnets, or just these two hosts.
Allowing netbios sharing between these segments is pretty risky. I would try to find another file transfer method.