You can hide NAT behind an IP other than the external IP of the
firewall. If the hide address is in the same subnet of the firewall you
will need to configure the firewall to proxy arp for the hide address. If
the hide address is in a different subnet, you might have a block addresses
specifically for hide & static NAT'ing for example, you won't need to proxy
arp but the upstream router will need a route for that subnet or a host
route for the hide address pointing to the external interface of the firewall.
-PaulK
At 04:44 PM 6/8/00, Larry Haff wrote:
>Hi All,
>
>In trying to have a FW be as invisible as possible, I have often wondered if
>it would be desirable, or even possible, to hide the portion of a LAN that
>is not using NAT behind an IP address other than the one assigned to the
>external interface of the FW. Has anyone tried this? If yes, can you offer
>guidance?
>
>Larry Haff
>Network and Technical Administrator
>Institute of Computer Technology
>Email: [EMAIL PROTECTED]
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
