Re: The behavior of static (inside, outside) 184.108.40.206 220.127.116.11
> Can a device on the inside of the pix be configured on the same network as the outside interface? ie 4.2.2.x network.
The device can have any IP address it wants, regardless of what is on the PIX. If your question is really asking "Can a device on the inside of the pix be configured on the same network as the outside interface AND STILL COMMUNICATE OUT THROUGH THE PIX", then the answer is no. The PIX is going to see the source address, see that it should be on the outside interface, and drop the packet.
> Will the static command forward the inbound Internet traffic (dest=18.104.22.168) to the server on the inside interface?
Possibly. The PIX does actually take the commands as you entered them, but they don't make sense. Normally when doing no-NAT, the static command takes the format:
static (high,low) high high
but what you have is:
static (high,low) low low
The PIX may pass this through, but more likely what it'll do is receive the packet for 22.214.171.124, run it through the static which won't change the destination address, then it'll look up it's forwarding table to see what interface it should go out on. This will be the outside interface rather than the inside, and because the PIX won't send a packet back out the same interface it came in on, the packet will be dropped.
This is all guess work actually, cause I can't say I've ever tried what you're doing. I will take any odds though that it won't work, either because the PIX drops it on the way in, or it drops it on the way back from the host.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...