«

Dear all,

as a newbie I'm learning step by step howto configure
our Pix 515E for several configurations.
During this process I saw somewhere in any manual this
command:

static (inside,dmz) 111.112.113.114 111.112.113.114 netmask 255.255.255.255 0 0

At the moment I can't find out what's the reason for this 1:1
mapping especially the dmz interface has the IP 133.134.135.136.
IMHO there is no chance that the "mapped" 111.112.113.114 is able to
communicate with any host in the dmz since there is no router in this zone.
Many thanks for bringing some light into my confusion about the command above!

Rainer

Rainer Blaes wrote:

> During this process I saw somewhere in any manual this
> command:
>
> static (inside,dmz) 111.112.113.114 111.112.113.114 netmask 255.255.255.255 0 0
>
> At the moment I can't find out what's the reason for this 1:1
> mapping especially the dmz interface has the IP 133.134.135.136.

Basically this says that when address 111.112.113.114 on the "inside"
interface talks to a host in the "dmz" interface segment, the host on
the dmz will see the source IP of 111.112.113.114, basically unchanged.

-DW

"dw" <> wrote in message news:bzPbd.4508$EZ.980@okepread07...
> Rainer Blaes wrote:
>
>> During this process I saw somewhere in any manual this
>> command:
>>
>> static (inside,dmz) 111.112.113.114 111.112.113.114 netmask
>> 255.255.255.255 0 0
>>
>> At the moment I can't find out what's the reason for this 1:1
>> mapping especially the dmz interface has the IP 133.134.135.136.
>
> Basically this says that when address 111.112.113.114 on the "inside"
> interface talks to a host in the "dmz" interface segment, the host on the
> dmz will see the source IP of 111.112.113.114, basically unchanged.
>
> -DW

True, but the same would hold true for nat 0. This configuration would be
for the dmz host talking to the inside host of 111.112.113.114 using its
(the inside hosts) native address.

"PES" <NO*SPAMpestewartREMOVE**SUCK S> wrote in message news:<417170c0$>...
> "dw" <> wrote in message news:bzPbd.4508$EZ.980@okepread07...
> > Rainer Blaes wrote:
> >
> >> During this process I saw somewhere in any manual this
> >> command:
> >>
> >> static (inside,dmz) 111.112.113.114 111.112.113.114 netmask
> >> 255.255.255.255 0 0
> >>
> >> At the moment I can't find out what's the reason for this 1:1
> >> mapping especially the dmz interface has the IP 133.134.135.136.
> >
> > Basically this says that when address 111.112.113.114 on the "inside"
> > interface talks to a host in the "dmz" interface segment, the host on the
> > dmz will see the source IP of 111.112.113.114, basically unchanged.
> >
> > -DW
>
> True, but the same would hold true for nat 0. This configuration would be
> for the dmz host talking to the inside host of 111.112.113.114 using its
> (the inside hosts) native address.


Fine but is there no need for a router in the dmz in the case 111.112.113.114
wants to talk to a dmz host with 133.134.135.137?
How or from where does the PIX know the route from the 111.112.113-Lan into the
Lan 133.134.135.0?

Rainer