PIX 525
17 years 10 months ago #19393
by Dove
Dove
Hi All,
Can someone explain in detail about the command static(inside,DMZ)?
When I googled it, I understood that it's a static NAT, but my confusion here is that I read one more thing: that for a packet to travel from a low security zone to a high security zone, it needs to be configured through this command. Please, someone enlighten me on this: how it works, and why and where it should be used. :roll:
Thanks in Advance.
Dove
17 years 10 months ago #19395
by Smurf
Replied by Smurf on topic Re: PIX 525
Hi Dove,
You are quite right in the googling that you have done. The PIX has the Security Levels in order to limit the threats caused by misconfigurations.
In order to get traffic from a High to Low, the traffic will flow as long as Access-Lists are in place, and the Global/NAT has been configured.
From Low to High, you need to make sure that you have a Static Translation in place in order to allow the traffic flow. In older versions of the code you used a Conduit but this has been dropped (I have never used the conduit as it was before my time with the PIX).
It's just an additional level of security to ensure that in order to go from the outside to inside, you have to manually add a static translation in order to allow the flow.
The static is only required if you want to allow traffic from outside (Security-Level 0) to inside (Security-Level 100). Or if you have a DMZ and you want the traffic flow from outside (Security-Level 0) to DMZ (Security-Level 50).
Traffic from Inside to Outside or Inside to DMZ will flow without configuration of a static translation.
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.