Re: PIX NAT issues or something like it

wr3500 · ‎11-23-2005

I have an issue where I need to bring a network into our network but because of that fact I can't route 172.x.x.x addresses through our provider (British Telecom Private Network)I need to figure out a way to nat a zone to another. The group is coming from 164.39.x.x and 145.78.x.x addresses destined for 172.x.x.x. I have The zones involved are CORPNET, I-DMZ and E-DMZ. CORPNET is the group coming in and I-DMZ and E-DMZ are where the servers reside that they need to get to.The zones are configured with security as follows:

CORPNET 65

I-DMZ 20

E-DMZ 40

I have a nat (CORPNET) 1 0.0.0.0 0.0.0.0 to allow CORPNET 10.0.100.64/26 to access other zones on our network and so far it seems to work fine. Any ideas?

sachinraja · ‎11-24-2005

Hello

You can configure Remote access VPN to terminate on your PIX firewall and give access to the servers on inside/DMZ to the external users. By this way, you also secure the data traffic flowing through the service provider. You can refer to the configuration guide of the PIX firewall for more information.

Let us know if you require any more help on this.

RAj

wr3500 · ‎11-25-2005

Since they are part of the company we prefer not to VPN them in. We would prefer that they come in like any other zone. They are directly connected having to only pass through the FWSM to get inside. They are considered trusted traffic just not as trusted as say onsite users.