On the GNAC firewall list [EMAIL PROTECTED] wrote:
>
>Let's suppose you have a public subnet of 30 bits, since the PIX needs one IP
>for the outside interface and another one for the router, a 30 bit network is
>not enough to make it run, am I right? Because the PIX ALSO needs at least 1
>more IP for the PAT/NAT assignment. Is there any workaround for this problem?

If that's the way it is, then you'll have to make do with that, and
I should think it is possible.

The outside address is not, in my experience, part of your
address space, but rather part of that of your ISP.  It can even
be a part of RFC1918 address space, though public address space
is better for ICMP reasons.

The inside address should be quite OK as a part of your internal
address space.  I can see no reason to waste a public IP on the
inside interface of a PIX, and several reasons why not to.

That gives you one IP for an externally accessible server, and
one IP for PAT.  Of course, if you can get more IPs, do, but you
should be able to live with two.
