[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] SAD question
Title: RE: Re: [FW-1] SAD question
Then you need to subnet your external network ( public IP's ) and make your router
forward the second subnet to your firewall's external IP, then you add a NIC
on the firewall and give this NIC an IP address within the second subnet, you put
your cisco client machine in this network, and youre in buisness
You cant just put a machine in the DMZ and give it an IP address
that dont belong to the DMZ net...
-----Original Message-----
From: Stephan Dubeau [mailto:[email protected]]
Sent: August 9, 2002 9:19 AM
To: [email protected]
Subject: Re: [FW-1] SAD question
The reason I want this device in the DMZ is to be protected by the
FW-1(logic), but I need this REAL IP to connect to my business partner Cisco
PIX.
My business partner dont want to make a firewall to firewall connection,
they want me to use Cisco VNP Dialer to connect to the PIX, so I need a
one-to-one static mapping for my host IP address and the appropriate ports.
My business partner dont have a Cisco concentrator.
Any other suggestion are welcom, I'm lost here!!!
Thanks
Best regards
Stephan Dubeau
Draftsman & IT Manager
----- Original Message -----
From: "Dan Guinn" <[email protected]>
To: <[email protected]>
Sent: Thursday, August 08, 2002 15:49
Subject: Re: [FW-1] SAD question
> So, you are wanting to put a device in your DMZ with a REAL IP, not your
DMZ
> address of 10.x.x.x?
>
> If it were me, I'd put it in with the 10. address, then just NAT it over.
> That can be done with 3 rules...one in the Security policy to allow FTP in
> to the box (source any, dest ftpbox, service FTP, accept), then two in the
> Address Translation section...one to NAT the 10. to the 64. on outbound,
and
> one for 64. to 10. inbound. (let me know if you need help with these)
>
> Good luck!
> Dan Guinn
>
> -----Original Message-----
> From: Stephan Dubeau [mailto:[email protected]]
> Sent: Thursday, August 08, 2002 10:41 AM
> To: [email protected]
> Subject: [FW-1] SAD question
>
>
> S.A.D. (System Administrator by Default = NEWBIE!!!)
>
> Morning all. Is it possible to do this ;
>
> I currently using FW-1 4.1 on NT, I got a DMZ for my ftp server, the
address
> for this machine is 10.x.x.x, so FW-1 is NATing this to give access
to/from
> the Internet. I like to add a new machine with a legal IP address
64.x.x.x.
> in this DMZ.
>
> How my rules would look like?
>
> Thanks
>
>
> Stephan Dubeau
> Draftsman & IT Manager
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================