No, no... one machine on the inside with two external NAT addresses... this
client is NAT'ing for two different connections (one from a vendor, one from
another network) on the same firewall.

If I am on the vendor network, I need to connect to 95.x.x.7 to reach the
internal web server, but from the internet, I need to connect to 205.x.x.7.
These public addresses are then translated to the internal 10.0.0.1 address.

My question is: "Can this be done?"

So you have NAT rules like this:

internal_www, any, any            205-net-static, orig, orig
internal_www, any, any            95-net-static, orig, orig

I hope that is more clear...

The 205 arped address is not responding to anything.

Carric Dooley
Network Security Consultant

"I have often regretted my speech, never my silence."
- Xenocrates (396-314 B.C.)



----- Original Message -----
From: "Tony Kim" <[EMAIL PROTECTED]>
To: "Carric Dooley" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Thursday, June 01, 2000 5:50 PM
Subject: Re: [FW1] NAT Question


> Why would you want to assign 2 machines the same internal IP?
> What is the scenario?  I am confused by your diagram...
>
> At 02:36 PM 01/06/00 , Carric Dooley wrote:
> >
> >Question:
> >
> >Does anyone know for sure if you can nat multiple public addresses to a
> >single internal address and how one would do it?  Here is the issue:
> >
> >Vendor1                                        Internet
> >    95.x.x.x (net)                                  /
> >            \                                            /
> >             \                                          /
> >
> >            95.x.x.5       Firewall     205.x.x.5     (real address of public IF)
> >            95.x.x.7         www       205.x.x.7     (public static NAT for internal WWW)
> >                                     |
> >                                     |
> >                      www.domain.com
> >                            10.0.0.1
> >
> >Translating 95.x.x.7 and 205.x.x.7 statically to 10.0.0.1
> >
> >Current NAT Rules
> >
> >Orig                                                  |  Xlated
> >___________________________________________________________________
> >Src                                     Dest   Srv    |  Src               Dest   Srv
> >Int_www (nothing defined in nat tab)    Any    Any    |  Pub_Hide_static   Orig   Orig
> >
> >We have published the arp for the external address, but it isn't working....
> >
> >
> >thanks
> >
> >
> >
> >
> >
> >Carric Dooley
> >Network Security Consultant
> >
> >"I have often regretted my speech, never my silence."
> >- Xenocrates (396-314 B.C.)
> >
> >
> >
> >
>
> >================================================================================
> >     To unsubscribe from this mailing list, please see the instructions at
> >               http://www.checkpoint.com/services/mailing.html
> >================================================================================
>
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Tony Kim
> CSM Systems Inc.
> Chief Network Security Engineer.
> 780-441-3251      1-888-799-2500
>
> Suite 900 - First Edmonton Place
> 10665 Jasper Avenue
> Edmonton, AB
> T5J 3S9
> Canada
>
> http://www.canadashop.com/
> http://www.csm-systems.com/
> http://www.americangamers.com/
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>


