PDM: warn
C-2-2 PAT first
static (inside,outside) tcp 1.1.1.1 80 1.1.1.1 8080 netmask 255.255.255.255
static (inside,outside) 1.1.1.0 1.1.1.0 netmask 255.255.255.0
PIX: accept
PDM: warn
D. Static PAT and dynamic NAT. Similar to C, overlapping between static PAT and dynamic NAT creates
unpredictable address translation on the PIX Firewall, although overlapping between normal static and dynamic
NAT is fine and causes no problem.
D-1 overlap with nat 0
nat (inside) 0 0 0
static (inside,outside) tcp 2.2.2.1 80 1.1.1.1 8080 netmask 255.255.255.255
or
static (inside,outside) tcp 1.1.1.1 80 1.1.1.1 8080 netmask 255.255.255.255
PIX: accept
PDM: warn
D-2 overlap with dynamic nat
nat (inside) 1 0 0
global (outside) 1 2.2.2.1-2.2.2.100
static (inside,outside) tcp 2.2.2.101 80 1.1.1.1 8080 netmask 255.255.255.255
PIX: accept
PDM: warn
E. Between different pairs of local/global interfaces.
static (inside,outside) 3.3.3.1 3.3.3.1 netmask 255.255.255.255 0 0
static (intf2,outside) 3.3.3.1 2.2.2.1 netmask 255.255.255.255 0 0
PIX: accept
PDM: reject
Copyright © 2001
Cisco Systems, Inc.
Summary of Contents for PIX 520 - PIX Firewall 520
Page 45: ...Copyright 2001 Cisco Systems Inc ...
Page 68: ...Copyright 2001 Cisco Systems Inc ...
Page 74: ...Copyright 2001 Cisco Systems Inc ...
Page 87: ...Copyright 2001 Cisco Systems Inc ...
Page 92: ...Copyright 2001 Cisco Systems Inc ...
Page 108: ......
Page 184: ......
Page 197: ...Copyright 2001 Cisco Systems Inc ...
Page 200: ......
Page 232: ...Copyright 2001 Cisco Systems Inc ...
Page 246: ...Copyright 2001 Cisco Systems Inc ...