Cisco Support Community

New Member

PIX NAT issues or something like it

I have an issue where I need to bring a network into our network but because of that fact I can't route 172.x.x.x addresses through our provider (British Telecom Private Network) I need to figure out a way to NAT a zone to another. The group is coming from 164.39.x.x and 145.78.x.x addresses destined for 172.x.x.x. The zones involved are CORPNET, I-DMZ and E-DMZ. CORPNET is the group coming in, and I-DMZ and E-DMZ are where the servers reside that they need to get to. The zones are configured with security as follows:

CORPNET 65

I-DMZ 20

E-DMZ 40

I have a nat (CORPNET) 1 0.0.0.0 0.0.0.0 to allow CORPNET 10.0.100.64/26 to access other zones on our network and so far it seems to work fine. Any ideas?

2 REPLIES

Re: PIX NAT issues or something like it

Hello

You can configure a remote access VPN to terminate on your PIX firewall and give access to the servers on inside/DMZ to the external users. This way, you also secure the data traffic flowing through the service provider. You can refer to the configuration guide of the PIX firewall for more information.

Let us know if you require any more help on this.

RAj

New Member

Re: PIX NAT issues or something like it

Since they are part of the company, we prefer not to VPN them in. We would prefer that they come in like any other zone. They are directly connected, having to only pass through the FWSM to get inside. They are considered trusted traffic, just not as trusted as, say, onsite users.
