I have a PIX 515 that I am using to separate trusted and non-trusted devices on my WAN/LAN. (There is no internet connection.) The outside I/F is used to connect 7 remote sites using IP network numbers between 192.168.50.0 and 192.168.56.0. The outside devices only access a server on the DMZ, 192.168.108.2. Until now no address translation was required. I now have to connect another network, 172.16.0.0, which I need to translate as it conflicts with addresses used on the inside I/F. The managed WAN provider will not NAT on the routers. I cannot use dynamic NAT as I am going from a lower trust I/F to a higher trust I/F. Can I put in a static command that looks something like
static (dmz,outside) 172.16.0.0 192.168.45.5
Will this only translate incoming packets from the 172.16.0.0 networks and leave the 192.168.50.0 alone, or will it cause problems? The PIX is used pretty much 24 x 7, so I need to be pretty sure of the change before I implement it.
Please make sure that you permit the traffic from 172.16.0.0/24 to 192.168.108.2 in the outside ACL and if there is any ACL on the DMZ interface then you permit the traffic from 192.168.108.2 to 192.168.45.0/24.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...