PIX 6.3 and Edge Server deployment

  • Question

  • Hi All,

    The topology looks like this:

    inside -- pix -- outside
                |
                |
              dmz

     

    For example, I disable translation on the dmz interface: nat 0....

    Does it work if I use the static command to make a translation rule between IP addresses in the dmz and outside?

    Can I use private IP addresses for the edge servers in the dmz somehow and then translate them to public ones using the static command? Could anyone suggest exactly which command I have to run?

     

    If you are collocating edge server roles on a computer, each should have a separate IP address. If you do not use a separate IP address for each, you must use separate ports for each collocated edge server role. For collocated edge server roles, we recommend having the IP addresses equal the number of server roles plus one, which provides a separate external IP address for each server role and a shared internal IP address.

     

    To conform to the requirement of a publicly routable IP address of the A/V Edge Server, the external firewall of the perimeter network must not act as a NAT (Network Address Translator) for this IP address.
    Additionally, the internal firewall must not act as a NAT for the internal IP address of the A/V Edge Server. The internal IP address of the A/V Edge Server must be fully routable from the internal network to the internal IP address of the A/V Edge Server.

     

    Thanks in advance!


     

     

    Wednesday, December 26, 2007 9:22 AM
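
Added example, not part of the original post or of the documentation it quotes: a PIX 6.3 configuration fragment contrasting a translating `static` with an identity `static` for the A/V Edge Server address, which the quoted requirement says must not be NATed. All addresses, the ACL name and the permitted port are constructed placeholders; lines starting with `:` are comments.

```cisco
: Constructed sample. 198.51.100.0/24 is a documentation range standing in
: for a real publicly routable block; 192.168.10.0/24 is a private DMZ range.
: (A) and (B) are alternatives, not one configuration.

: (A) Translating static: outside peers see 198.51.100.20 while the server
:     itself holds 192.168.10.20. The firewall rewrites the address, which is
:     the NAT behaviour the quoted requirement rules out for the A/V Edge IP.
static (dmz,outside) 198.51.100.20 192.168.10.20 netmask 255.255.255.255 0 0

: (B) Identity static: mapped and real address are the same, so the host is
:     reachable from outside and its address is never rewritten. The DMZ
:     segment has to be numbered from the routable block for this to work.
ip address dmz 198.51.100.1 255.255.255.0
static (dmz,outside) 198.51.100.20 198.51.100.20 netmask 255.255.255.255 0 0

: Either way, traffic arriving on the lower-security outside interface still
: needs an explicit permit. Port 443 is a placeholder; permit only the ports
: the edge role actually requires.
access-list acl_outside permit tcp any host 198.51.100.20 eq 443
access-group acl_outside in interface outside
```

After applying (B), `show xlate` should list the A/V Edge address with identical global and local values, which confirms the firewall is passing it through untranslated.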

All replies