From: Bill Carter (bcarter@xxxxxxxxxxxxxx)
Date: Mon Sep 10 2001 - 11:54:15 GMT-3
You could address the DMZ servers with public IP addresses. Then 1 static
commands to tell the PIX not to translate the DMZ addresses
global (outside) 1 y.y.y.100 netmask 255.255.255.128
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
static (DMZ,outside) x.x.x.0 x.x.x.0 netmask 255.255.255.0
Read this link for building the access-list controlling traffic between the
DMZ and the Inside.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v51/config/mse
xchng.htm
^-^-^-^-^-^-^-^-^-^-^
Bill Carter
CCIE 5022
^-^-^-^-^-^-^-^-^-^-^
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Gordon White
Sent: Saturday, September 08, 2001 10:41 PM
To: cisco@groupstudy.com
Subject: pix, nat, and OWA [7:19152]
our pix is running nat, and i want to put an outlook web access server
on a dmz interface. however, all the netbios communication to the
domain controllers and exchange servers seems like it is going to
require a whole lot of static/conduits and a serious lmhosts file.
bottom line: is there a way to enable nat just for inside addresses
going outside? it seems that nat is an all or nothing set up. i'd
like to run nat just on the internet interface.
thanks,
gordon
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:16 GMT-3