If you're using a PIX, then I'd do it the PIX way - NAT. It's a complete
pain to try and configure PIXen without NAT and the documentation recommends
against it.

Unless you have a very specific reason for not using NAT (e.g. a protocol that
is not PIX NAT-able) then it's usually best to follow the recommendations,
if only for supportability.

BTW: Standard PIX philosophy would see your DMZ hosts being advertised on
the trusted LAN as static NAT translations - i.e. in the trusted IP range.

Cheers,
--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
> -----Original Message-----
> From: Jim Johnson [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 21 February 2001 9:06
> To: [EMAIL PROTECTED]
> Subject: To NAT or not to NAT in the DMZ, that is the question.
>
>
> I've got a PIX firewall with three NICs, one for the Internet, DMZ, and
> internal network. In my DMZ I'm trying to figure out whether or not I
> should use valid public IPs or use private IPs and then NAT.
[...]