Pix 515E: static (High,Low) .... with SAME(!) IP's?

[dasa123]

Dear all,

as a newbie I'm learning step by step howto configure
our Pix 515E for several configurations.
During this process I saw somewhere in any manual this
command:

static (inside,dmz) 111.112.113.114 111.112.113.114 netmask 255.255.255.255 0 0

At the moment I can't find out what's the reason for this 1:1
mapping especially the dmz interface has the IP 133.134.135.136.
IMHO there is no chance that the "mapped" 111.112.113.114 is able to
communicate with any host in the dmz since there is no router in this zone.
Many thanks for bringing some light into my confusion about
the command
above!

Rainer

 

[ChrisAC]

This is most likely so that a device from the LAN going to the DMZ does not get NATed. It's source address remains the same.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[dasa123]

@Chris:
========

1. Many thanks for your answer!

2. Fine but is there no need for a router in the dmz in the
case 111.112.113.114 wants to talk to a dmz host with
133.134.135.137?
How or from where does the PIX know the route from the
111.112.113-Lan into the Lan 133.134.135.0?

 

[ChrisAC]

Any devices in the DMZ should have a default route via the pix interface so any traffic destined for any IP address not on on the DMZ will be routed to the Pix.

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************