Hi Roland,

I agree that this is not a good idea, solution, or practice, but when one is requested to perform a task a particular way and that task is what generates my revenue, best practice does not apply. Had this been my own shop, there would have been some different engineering for this project.

Clue

On Fri, Jul 17, 2009 at 1:45 PM, Roland Dobbins <[email protected]> wrote:

> On Jul 18, 2009, at 1:08 AM, Clue Store wrote:
>
>> I have several domains pointed various ip's in a /27 (public block).
>> I have one internal webserver inside of my network. I would like to be
>> able to map the several outside IP's to one inside IP of my web server
>> and perform DNS doctoring via the ASA so my inside hosts can use a DNS
>> server outside of my network and still be able to get to the domains
>
> Not a good idea - an attacker can breathe on it, and it'll fall over,
> instant DoS. Sticking servers behind firewalls, and NATting them, to boot,
> is extremely poor security practice.
>
> -----------------------------------------------------------------------
> Roland Dobbins <[email protected]> // <http://www.arbornetworks.com>
>
> Unfortunately, inefficiency scales really well.
>
> -- Kevin Lawton
>
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
