Your assessment is correct, you'll need more address space.
Firewall-1 does allow you to designate the outside
IP address as the NAT address but it's my experience that this
generates a lot more log entries than having a separate address. Also FW-1
requires a separate address for each inbound service for a 30 bit mask won't
work if you have an internal mail server.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, October 01, 1999 9:52 AM
> To: [EMAIL PROTECTED]
> Subject: PIX Vs. Firewall-1
>
>
>
> Me again...problems again :)
>
> Let�s suppose you have a public subnet of 30 bits, since the pix needs one
> IP
> for the outside interface and another one for the router, a 30 bit network
> is
> not enough to make it run, am I right? Becouse the PIX ALSO needs at least
> 1
> more ip for the PAT/NAT assignment. Is there any workaround for this
> problem?
>
> And now the subject question..., what about the Firewall-1? Can you make
> it work
> with 30 bits in the outside network?
>
> Regards,
> Matias Christensen
> Networking Engineer
> Equant Argentina.
> +54-11-4349-0824
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
