Does anyone know whether or how well the PIX (520) supports port mapping and statics when using DHCP on the outside interface?
From the docs, it looks like I can configure port mapping via statics when using DHCP by specifying the interface keyword rather than an IP address, but what about configuring the corresponding ACL? Do I have to permit 0.0.0.0?
I believe that if the destination is a PIX interface, then the ACL on the outside interface would not apply. Is the ACL you refer to going to be configured on the outside interface? If so, and you want to limit who can connect to your inside server, you can use this:
The access-list on the static command would contain statements such as these:
access-list acl01 permit ip host inside-host dest-host/dest-network
where the dest-host/net is not the PIX interface, but the true network that you want to permit incoming connections to. Note that the ACL statements are coded as if the true inside host was initiating the connection, even though that is not happening.