Re: PIX PPTP, no NAT

From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Mon Oct 30 2000 - 15:19:49 GMT-3


   
Looks like we have a conflict of definitions here. Whatever everybody thinks
about the device is not that important. The guy who posted the message might be
looking for an answer to his problem rather than learning the definition of a
router. Rather than fighting over the definition, let's help him.

Sam

> If your APC power strip had more than one interface and could route packets
> between the interfaces then 'yes.'
>
> At 09:44 AM 10/30/00 -0800, Jay Hennigan wrote:
> >On Mon, 30 Oct 2000, Andrew wrote:
> >
> > > The PIX absolutely has default route statements. 'ip route outside|inside'
> >
> >True. My APC power strip has a default route statement, does that make
> >it a router?
> >
> >If you try not to think of a PIX as a router, it will be a lot easier to
> >understand. Yes, it moves IP packets from one interface to another under
> >certain defined conditions. Routers also do this. So do proxy servers.
> >
> >But, you still need the static (inside,outside) for non-NAT applications
> >where the outside will be allowed certain conduits to the inside. And,
> >for non-NAT the inside and outside interfaces are in the same subnet.
> >
> >The PIX documentation is pretty good. The description under "static" in
> >the command reference addresses this.
> >
> >Without NAT, the interfaces are in the same subnet, no routing. With NAT,
>
> What are you talking about? If there is NO NAT that does not mean they are
> on the SAME subnet. As a matter of fact you can't HAVE the interfaces in
> the same subnet.
>
> >there's address translation taking place, but not what one would normally
> >think of as routing. The PIX is capable of recognizing whether a destination
> >is part of an interface's local subnet and if not forwarding it to a gateway.
> >
> >But, packets arriving on the outside interface with a destination of an
> >inside (higher security) interface are not handled by routing. The outside
> >network is unaware of the existence of the inside network without a static
> >mapping. This static mapping can be to a different address with NAT. This
> >isn't what I'd call routing. The static mapping can also be to the same
> >address without NAT, in which case both interfaces are in the same network.
> >This, IMHO, isn't routing either.
> >
> >--
> >Jay Hennigan - Network Administration - jay@west.net
> >NetLojix Communications, Inc. NASDAQ: NETX - http://www.netlojix.com/
> >WestNet: Connecting you to the planet. 805 884-6323
>


