In article <>, Jean-Claude <> wrote:
[3 different PIX connected to a single network]
:The ftp server has only one default gateway. So, we need something in front
:of the ftp to detect from which PIX the connection is coming and then to
:force the packets to keep using the same PIX for coming back.
If it is not important that the FTP server itself be able to log the
original IP address of the user, then what you can do is tell
each of the PIXes to nat the *source* addresses to an IP address
range that is specific to the PIX.

For example, you could nat the Equant sources to 192.168.14.x,
the Cold to 192.168.45.x, and the MCI to 192.168.89.x.

Your LAN router would direct outgoing packets with these destinations
back to the appropriate PIX. The PIX would recognize that destination IP
was NAT'd and would un-NAT the destination back to the original source
address that was on the packet that was incoming.

This process does not work if you need the inside machines to see
the -original- source IP addresses (e.g., for authentication
purposes).
--
Studies show that the average reader ignores 106% of all statistics
they see in .signatures.
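
A configuration sketch of the scheme described in the post above, added here as an illustration and not taken from the original post. It assumes a PIX software release that supports outside NAT (the `outside` keyword on `nat`), an IOS-style LAN router, and placeholder 10.0.0.x addresses for each PIX's inside interface; the existing translation that publishes the FTP server is assumed to be in place already.

```cisco
: --- Equant PIX (constructed example; the other two PIXes differ only in the pool) ---
: Translate the source address of every connection arriving on the outside
: interface into a pool that only this PIX uses.
nat (outside) 1 0.0.0.0 0.0.0.0 outside
global (inside) 1 192.168.14.1-192.168.14.254 netmask 255.255.255.0
: Cold PIX: global (inside) 1 192.168.45.1-192.168.45.254 netmask 255.255.255.0
: MCI PIX:  global (inside) 1 192.168.89.1-192.168.89.254 netmask 255.255.255.0

! --- LAN router (IOS syntax assumed) ---
! Return traffic to each pool goes to the PIX that owns the pool, whatever
! the FTP server's default gateway is. Next hops below are placeholders.
ip route 192.168.14.0 255.255.255.0 10.0.0.14
ip route 192.168.45.0 255.255.255.0 10.0.0.45
ip route 192.168.89.0 255.255.255.0 10.0.0.89
```

Because the FTP server then logs only pool addresses, the translation records on each PIX are the only place a session can be mapped back to its real source, so keep them if sessions need to be attributed. Each pool in this sketch holds 254 addresses, which bounds the number of distinct outside clients per PIX at one time.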