[c-nsp] Can the pix redirect outside addresses back to the inside?
Brian Feeny
signal at shreve.net
Sat Nov 13 13:07:16 EST 2004
I have a question I am hoping someone here can answer. I do not think what I am asking is possible, but I am hopeful someone here may know better.
Say you have a PIX, it has an inside network of 192.168.1.0/24 and an outside network of 200.200.200.0/24.
192.168.1.0/24<----->PIX<----->200.200.200.0/24
There are various static mappings to map 200.200.200.0/24 addresses to the 192.168.1.0/24 addresses.
Let's say the following static mapping exists:
static (inside,outside) 200.200.200.10 192.168.1.10 netmask 255.255.255.255
Is it possible for the user on the INSIDE to hit 200.200.200.10 and arrive at 192.168.1.10?
I have used the various "dns doctoring" techniques so that thru name resolution re-writing, the pix will re-write a 200.200.200.0/24 IP address to an inside address, but that's not what I am proposing. I want the pix to actually receive a packet from the INSIDE destined for 200.200.200.10 and do basically a destination NAT type function to land the packet at 192.168.1.10. The reply of course would not go thru the pix, as 192.168.1.10 would then reply directly to whoever on the INSIDE sourced the packet.......
My thought is, this is not possible. But if it is, please let me know as I would be interested in trying this for a particular situation.
Brian
---------------------------------------------
Brian Feeny, CCIE #8036, CISSP
Network Engineer
ShreveNet Inc.